FKIE_CVE-2025-8893
Vulnerability from fkie_nvd - Published: 2025-09-16 15:15 - Updated: 2025-09-19 13:52
Severity ?
Summary
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "233064C8-C3E0-4BC7-9289-28E40C5E31A4",
"versionEndExcluding": "2025.4.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1EA8A6E-9199-42C0-A807-952406DA952C",
"versionEndExcluding": "2026.3",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66B0B67D-64D6-41F7-AB4B-2653BC51D026",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D50BA86C-8012-4AD8-AA9D-DF41278C5049",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0479E2-96AB-40F4-B0FA-3A383E7DE66A",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E9CC04-B5AC-4525-870A-0918AC2AB4AD",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99B3A33A-99DF-4BB2-8AA4-2960422C9C8C",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "996E5628-78A2-42A3-91E7-E54D814D8068",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8014E1F-EA63-4898-936D-B6945920ADCC",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98BCB2ED-A4C2-49F2-8F56-DC4DC896D343",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7947EDF4-C754-48B0-9270-EEA698E6F048",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C183351D-FF44-49F6-B703-BD186ACDC658",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16DDAD2E-730B-49A4-8423-8630FF0E7571",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "782C3D4E-8384-4A4E-BDBE-7AFB370B13BA",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08F0B7FF-A0AF-45A6-BCD8-ED3CDF131749",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F07B2E77-DB15-4E63-B6E3-80331CF56B30",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A50FB1-FF20-4FC4-953E-702576FC487E",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C0D7FC-F1AC-4882-9B75-EE93182593A4",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F38F358-7F2D-4E71-B546-0DCD04F4DCCD",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15E833D7-0BF9-4213-ACF6-622CC4BC4D0A",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C746E50-6500-4BD9-B9AD-E58B49163FCC",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9DD3780-1C5F-47EA-BC81-9E679FB3628C",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34E2392F-D068-4AB1-83D8-E70E9F9871F4",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2500CC71-B7D3-412A-AB2B-E9B748A3785E",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBAABF0-47ED-4AE8-95EF-CA88AC482ED7",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5417086A-F453-4A1E-A151-4D9E5CB9C4EA",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA97DB73-C60B-4BA5-97B7-EF1424A203DA",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC953B9-8AE6-467C-9949-9617DAC9EC0E",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBB17CA-9BB5-43C7-ACAF-3F490A9BB5FF",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07B7101B-1613-4076-934C-1FA34BBB3D11",
"versionEndExcluding": "2024.1.8",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE367F62-0A0A-4102-85A2-E3E57FE61A24",
"versionEndExcluding": "2025.1.3",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCE6B4D-6432-4F5D-9004-B277BF117CD7",
"versionEndExcluding": "2026.1",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"id": "CVE-2025-8893",
"lastModified": "2025-09-19T13:52:47.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-09-16T15:15:46.760",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Product"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0018"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…