Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-27915

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-14 Apr, 2023 | 00:00
Updated At-06 Feb, 2025 | 21:10
Rejected At-
Credits

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:14 Apr, 2023 | 00:00
Updated At:06 Feb, 2025 | 21:10
Rejected At:
▼CVE Numbering Authority (CNA)

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected Products
Vendor
n/a
Product
Autodesk AutoCAD
Versions
Affected
  • 2023
Problem Types
TypeCWE IDDescription
textN/AMemory Corruption Read
Type: text
CWE ID: N/A
Description: Memory Corruption Read
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005
N/A
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:14 Apr, 2023 | 19:15
Updated At:06 Feb, 2025 | 21:15

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Autodesk Inc.
autodesk
>>autocad>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_advance_steel>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2023(inclusive) to 2023.1.3(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-125Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-125
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005psirt@autodesk.com
Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005
Source: psirt@autodesk.com
Resource:
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

3176Records found
CVE-2022-33888
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.88%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:24
Updated-20 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_ltautocadautocad_plant_3dautocad_civil_3dautocad_map_3dautocad_mepautocad_advance_steelautocad_architectureautocad_mechanicalautocad_electricalutodesk® AutoCAD®, Advance Steel and Civil 3D®
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33890
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicaldesign_reviewautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_mepAutodesk® Design Review,
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33881
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.84%
||
7 Day CHG~0.00%
Published-29 Jul, 2022 | 15:18
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33883
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.80%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:28
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-moldflow_communicatormoldflow_synergyadvanced_material_exchangemoldflow_adviserMoldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33889
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.51%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:22
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicaldesign_reviewautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_mepAutodesk® Design Review, Autodesk® Advance Steel, Autodesk® Civil 3D®
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33885
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.09%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:24
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_meputodesk® AutoCAD®, Advance Steel and Civil 3D®
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37006
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.18%
||
7 Day CHG-0.28%
Published-25 Jun, 2024 | 03:15
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37005
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 54.91%
||
7 Day CHG-0.50%
Published-25 Jun, 2024 | 03:13
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-36999
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.36%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:33
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37008
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.17%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 10:02
Updated-26 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Overflow Vulnerability in Revit Software

A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitRevit LTrevit_lt
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27531
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.25%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 15:46
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_maxAutodesk 3ds Max
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27866
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.43%
||
7 Day CHG~0.00%
Published-29 Jul, 2022 | 19:01
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27870
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.99%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocadAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27529
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.91%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27869
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.91%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocadAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27527
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.57%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:26
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksNavisworks
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27526
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.99%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27525
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.53% / 66.31%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk® Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27532
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.26%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 15:47
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_maxAutodesk 3ds Max
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27530
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.75% / 72.18%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27044
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.97% / 75.71%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 14:11
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-8593
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:08
Updated-26 Aug, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability

A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37003
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.83%
||
7 Day CHG-0.15%
Published-25 Jun, 2024 | 03:12
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37001
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.21%
||
7 Day CHG-0.22%
Published-25 Jun, 2024 | 03:03
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8592
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.06%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:39
Updated-26 Aug, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD CATPART File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dwindowsautocadautocad_civil_3dautocad_electricalautocad_architectureautocad_mepAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3D
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27036
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.48%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:17
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7991
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.17%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:49
Updated-26 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability

A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricaldwg_trueviewautocad_mepautocad_ltautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27041
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.91%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 12:41
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code

Action-Not Available
Vendor-iconicsn/aMitsubishi Electric CorporationAutodesk Inc.
Product-mc_works64autocad_mechanicaldesign_reviewautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dgenesis64autocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27027
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.41%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 15:08
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25789
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.68% / 70.60%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-416
Use After Free
CVE-2022-25795
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-13 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocadRevit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-25793
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.58%
||
7 Day CHG-0.03%
Published-10 Aug, 2022 | 16:03
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_maxAutodesk 3ds Max
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-6634
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 20:43
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TGA File Parsing Memory Corruption Vulnerability

A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-6636
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:54
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Use-After-Free Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-416
Use After Free
CVE-2025-5335
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.64%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 14:50
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Ecalation due to Untrusted Search Path Vulnerability

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-Autodesk Inc.
Product-installerInstaller
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-40159
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.18%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-inventorautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepInventor
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-40166
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.11%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-416
Use After Free
CVE-2025-5043
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:52
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
3DM File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-5037
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.17%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 11:30
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RFA File Parsing Memory Corruption Vulnerability

A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5048
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 14:38
Updated-20 Aug, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DGN File Parsing Memory Corruption Vulnerability

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_electricalautocad_ltcivil_3dadvance_steelautocad_map_3dautocad_plant_3dautocad_mepautocad_mechanicalautocad_architectureautocadAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD LTAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-7079
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.34%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 17:54
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-dynamo_bimAutodesk Dynamo BIM
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-37002
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.19%
||
7 Day CHG+0.02%
Published-25 Jun, 2024 | 03:07
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2024-37004
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.41%
||
7 Day CHG-0.27%
Published-25 Jun, 2024 | 03:13
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-416
Use After Free
CVE-2024-37007
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.47%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:35
Updated-27 Aug, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-416
Use After Free
CVE-2023-25010
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.05%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-maya_usdAutodesk Maya USD Plugin
CWE ID-CWE-665
Improper Initialization
CVE-2025-5036
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.44%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 16:55
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RFA File Parsing Use-After-Free Vulnerability

A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-416
Use After Free
CVE-2025-5038
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:51
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X_T File Parsing Memory Corruption Vulnerability

A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5039
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.70%
||
7 Day CHG~0.00%
Published-24 Jul, 2025 | 17:11
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Ecalation due to Untrusted Search Path Vulnerability

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

Action-Not Available
Vendor-Autodesk Inc.
Product-infrastructure_parts_editorvaultinventornavisworks_managenavisworks_simulaterevitAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD LTAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3DRealDWG
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-5047
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 14:37
Updated-20 Aug, 2025 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DGN File Parsing Uninitialized Variable Vulnerability

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_electricalautocad_ltcivil_3dadvance_steelautocad_map_3dautocad_plant_3dautocad_mepautocad_mechanicalautocad_architectureautocadAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD LTAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2025-5040
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.17%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 11:31
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RTE File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-122
Heap-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 63
  • 64
  • Next
Details not found