Search criteria
30 vulnerabilities found for shared_components by autodesk
FKIE_CVE-2025-9458
Vulnerability from fkie_nvd - Published: 2025-11-07 18:15 - Updated: 2025-11-19 14:45
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.3 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55631765-98DB-4486-94E6-B8EC023CC0DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"id": "CVE-2025-9458",
"lastModified": "2025-11-19T14:45:56.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Primary"
}
]
},
"published": "2025-11-07T18:15:37.647",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Product"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0019"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-8892
Vulnerability from fkie_nvd - Published: 2025-09-22 19:16 - Updated: 2025-09-25 18:24
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.3 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55631765-98DB-4486-94E6-B8EC023CC0DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"id": "CVE-2025-8892",
"lastModified": "2025-09-25T18:24:00.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-09-22T19:16:28.063",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Product"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0019"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-6636
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede generar una vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6636",
"lastModified": "2025-08-19T14:15:42.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.350",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-6637
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6637",
"lastModified": "2025-08-19T14:15:42.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.550",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-7675
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-19 14:15
Severity ?
Summary
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo 3DM manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-7675",
"lastModified": "2025-08-19T14:15:43.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.923",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-7497
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-7497",
"lastModified": "2025-08-19T14:15:42.883",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.733",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-6635
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al vincularse o importarse a ciertos productos de Autodesk, puede generar una vulnerabilidad de lectura fuera de los l\u00edmites. Un agente malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6635",
"lastModified": "2025-08-19T14:15:42.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.170",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-6631
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6631",
"lastModified": "2025-08-19T14:15:41.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.983",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-5043
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-19 14:15
Severity ?
Summary
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo 3DM manipulado con fines maliciosos, al vincularse o importarse a ciertos productos de Autodesk, puede generar una vulnerabilidad de desbordamiento basado en mont\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-5043",
"lastModified": "2025-08-19T14:15:41.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.783",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-5038
Vulnerability from fkie_nvd - Published: 2025-07-29 18:15 - Updated: 2025-08-19 14:15
Severity ?
Summary
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo X_T manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede generar una vulnerabilidad de corrupci\u00f3n de memoria. Un agente malicioso puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-5038",
"lastModified": "2025-08-19T14:15:40.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.590",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
CVE-2025-9458 (GCVE-0-2025-9458)
Vulnerability from cvelistv5 – Published: 2025-11-07 18:01 – Updated: 2025-11-08 04:55
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.3 , < 2026.4
(custom)
cpe:2.3:a:autodesk:shared_components:2026.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T04:55:20.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.4",
"status": "affected",
"version": "2026.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:01:48.595Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0019"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-9458",
"datePublished": "2025-11-07T18:01:48.595Z",
"dateReserved": "2025-08-25T14:12:52.995Z",
"dateUpdated": "2025-11-08T04:55:20.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8892 (GCVE-0-2025-8892)
Vulnerability from cvelistv5 – Published: 2025-09-22 19:01 – Updated: 2025-11-07 15:30
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.3 , < 2026.4
(custom)
cpe:2.3:a:autodesk:shared_components:2026.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T03:55:40.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.4",
"status": "affected",
"version": "2026.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T15:30:06.556Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0019"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-8892",
"datePublished": "2025-09-22T19:01:28.720Z",
"dateReserved": "2025-08-12T15:50:17.780Z",
"dateUpdated": "2025-11-07T15:30:06.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7675 (GCVE-0-2025-7675)
Vulnerability from cvelistv5 – Published: 2025-07-29 17:57 – Updated: 2025-09-25 18:38
VLAI?
Summary
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:57.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:38:48.179Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "3DM File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-7675",
"datePublished": "2025-07-29T17:57:36.134Z",
"dateReserved": "2025-07-15T12:31:56.589Z",
"dateUpdated": "2025-09-25T18:38:48.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7497 (GCVE-0-2025-7497)
Vulnerability from cvelistv5 – Published: 2025-07-29 17:57 – Updated: 2025-08-19 13:22
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:56.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:46.904Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-7497",
"datePublished": "2025-07-29T17:57:13.572Z",
"dateReserved": "2025-07-11T15:02:31.021Z",
"dateUpdated": "2025-08-19T13:22:46.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6637 (GCVE-0-2025-6637)
Vulnerability from cvelistv5 – Published: 2025-07-29 17:56 – Updated: 2025-08-19 13:22
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:55.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:28.965Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6637",
"datePublished": "2025-07-29T17:56:50.031Z",
"dateReserved": "2025-06-25T13:44:28.817Z",
"dateUpdated": "2025-08-19T13:22:28.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6636 (GCVE-0-2025-6636)
Vulnerability from cvelistv5 – Published: 2025-07-29 17:54 – Updated: 2025-08-19 13:22
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:54.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:14.824Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Use-After-Free Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6636",
"datePublished": "2025-07-29T17:54:02.053Z",
"dateReserved": "2025-06-25T13:44:27.794Z",
"dateUpdated": "2025-08-19T13:22:14.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6635 (GCVE-0-2025-6635)
Vulnerability from cvelistv5 – Published: 2025-07-29 17:53 – Updated: 2025-08-19 13:21
VLAI?
Summary
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-125 - Out-of-Bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:52.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:21:59.522Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6635",
"datePublished": "2025-07-29T17:53:35.895Z",
"dateReserved": "2025-06-25T13:44:26.482Z",
"dateUpdated": "2025-08-19T13:21:59.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6631 (GCVE-0-2025-6631)
Vulnerability from cvelistv5 – Published: 2025-07-29 17:53 – Updated: 2025-08-19 13:21
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:52.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:21:00.832Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6631",
"datePublished": "2025-07-29T17:53:04.135Z",
"dateReserved": "2025-06-25T13:43:01.062Z",
"dateUpdated": "2025-08-19T13:21:00.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5043 (GCVE-0-2025-5043)
Vulnerability from cvelistv5 – Published: 2025-07-29 17:52 – Updated: 2025-09-25 18:38
VLAI?
Summary
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-Based Buffer Overflow
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:50.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:38:18.347Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "3DM File Parsing Heap-Based Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5043",
"datePublished": "2025-07-29T17:52:37.857Z",
"dateReserved": "2025-05-21T13:01:02.814Z",
"dateUpdated": "2025-09-25T18:38:18.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5038 (GCVE-0-2025-5038)
Vulnerability from cvelistv5 – Published: 2025-07-29 17:51 – Updated: 2025-09-25 18:36
VLAI?
Summary
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:49.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:36:58.792Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "X_T File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5038",
"datePublished": "2025-07-29T17:51:59.877Z",
"dateReserved": "2025-05-21T13:00:58.307Z",
"dateUpdated": "2025-09-25T18:36:58.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9458 (GCVE-0-2025-9458)
Vulnerability from nvd – Published: 2025-11-07 18:01 – Updated: 2025-11-08 04:55
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.3 , < 2026.4
(custom)
cpe:2.3:a:autodesk:shared_components:2026.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T04:55:20.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.4",
"status": "affected",
"version": "2026.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T18:01:48.595Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0019"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-9458",
"datePublished": "2025-11-07T18:01:48.595Z",
"dateReserved": "2025-08-25T14:12:52.995Z",
"dateUpdated": "2025-11-08T04:55:20.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8892 (GCVE-0-2025-8892)
Vulnerability from nvd – Published: 2025-09-22 19:01 – Updated: 2025-11-07 15:30
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.3 , < 2026.4
(custom)
cpe:2.3:a:autodesk:shared_components:2026.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T03:55:40.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.4",
"status": "affected",
"version": "2026.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T15:30:06.556Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0019"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-8892",
"datePublished": "2025-09-22T19:01:28.720Z",
"dateReserved": "2025-08-12T15:50:17.780Z",
"dateUpdated": "2025-11-07T15:30:06.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7675 (GCVE-0-2025-7675)
Vulnerability from nvd – Published: 2025-07-29 17:57 – Updated: 2025-09-25 18:38
VLAI?
Summary
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:57.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:38:48.179Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "3DM File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-7675",
"datePublished": "2025-07-29T17:57:36.134Z",
"dateReserved": "2025-07-15T12:31:56.589Z",
"dateUpdated": "2025-09-25T18:38:48.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7497 (GCVE-0-2025-7497)
Vulnerability from nvd – Published: 2025-07-29 17:57 – Updated: 2025-08-19 13:22
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:56.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:46.904Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-7497",
"datePublished": "2025-07-29T17:57:13.572Z",
"dateReserved": "2025-07-11T15:02:31.021Z",
"dateUpdated": "2025-08-19T13:22:46.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6637 (GCVE-0-2025-6637)
Vulnerability from nvd – Published: 2025-07-29 17:56 – Updated: 2025-08-19 13:22
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:55.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:28.965Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6637",
"datePublished": "2025-07-29T17:56:50.031Z",
"dateReserved": "2025-06-25T13:44:28.817Z",
"dateUpdated": "2025-08-19T13:22:28.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6636 (GCVE-0-2025-6636)
Vulnerability from nvd – Published: 2025-07-29 17:54 – Updated: 2025-08-19 13:22
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:54.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:14.824Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Use-After-Free Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6636",
"datePublished": "2025-07-29T17:54:02.053Z",
"dateReserved": "2025-06-25T13:44:27.794Z",
"dateUpdated": "2025-08-19T13:22:14.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6635 (GCVE-0-2025-6635)
Vulnerability from nvd – Published: 2025-07-29 17:53 – Updated: 2025-08-19 13:21
VLAI?
Summary
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-125 - Out-of-Bounds Read
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:52.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:21:59.522Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6635",
"datePublished": "2025-07-29T17:53:35.895Z",
"dateReserved": "2025-06-25T13:44:26.482Z",
"dateUpdated": "2025-08-19T13:21:59.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6631 (GCVE-0-2025-6631)
Vulnerability from nvd – Published: 2025-07-29 17:53 – Updated: 2025-08-19 13:21
VLAI?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:52.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:21:00.832Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6631",
"datePublished": "2025-07-29T17:53:04.135Z",
"dateReserved": "2025-06-25T13:43:01.062Z",
"dateUpdated": "2025-08-19T13:21:00.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5043 (GCVE-0-2025-5043)
Vulnerability from nvd – Published: 2025-07-29 17:52 – Updated: 2025-09-25 18:38
VLAI?
Summary
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-Based Buffer Overflow
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:50.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:38:18.347Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "3DM File Parsing Heap-Based Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5043",
"datePublished": "2025-07-29T17:52:37.857Z",
"dateReserved": "2025-05-21T13:01:02.814Z",
"dateUpdated": "2025-09-25T18:38:18.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5038 (GCVE-0-2025-5038)
Vulnerability from nvd – Published: 2025-07-29 17:51 – Updated: 2025-09-25 18:36
VLAI?
Summary
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | Shared Components |
Affected:
2026.2 , < 2026.3
(custom)
cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:49.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.8",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.8",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:36:58.792Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "X_T File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5038",
"datePublished": "2025-07-29T17:51:59.877Z",
"dateReserved": "2025-05-21T13:00:58.307Z",
"dateUpdated": "2025-09-25T18:36:58.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}