Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-37002

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-25 Jun, 2024 | 03:07
Updated At-27 Aug, 2025 | 21:14
Rejected At-
Credits

Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:25 Jun, 2024 | 03:07
Updated At:27 Aug, 2025 | 21:14
Rejected At:
â–¼CVE Numbering Authority (CNA)
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Affected Products
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD
CPEs
  • cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Architecture
CPEs
  • cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Electrical
CPEs
  • cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Mechanical
CPEs
  • cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mechnaical:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD MEP
CPEs
  • cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD Plant 3D
CPEs
  • cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
Civil 3D
CPEs
  • cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
Advance Steel
CPEs
  • cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Vendor
Autodesk Inc.Autodesk
Product
AutoCAD MAP 3D
CPEs
  • cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
  • cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2025 before 2025.1 (custom)
  • From 2024 before 2024.1.4 (custom)
  • From 2023 before 2023.1.6 (custom)
  • From 2022 before 2022.1.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-457CWE-457: Use of Uninitialized Variable
Type: CWE
CWE ID: CWE-457
Description: CWE-457: Use of Uninitialized Variable
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
N/A
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Resource:
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:25 Jun, 2024 | 03:15
Updated At:13 Nov, 2025 | 20:20

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Autodesk Inc.
autodesk
>>autocad>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2022(inclusive) to 2022.1.5(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2023(inclusive) to 2023.1.6(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2024(inclusive) to 2024.1.4(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2025(inclusive) to 2025.1(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-457Secondarypsirt@autodesk.com
CWE-908Primarynvd@nist.gov
CWE ID: CWE-457
Type: Secondary
Source: psirt@autodesk.com
CWE ID: CWE-908
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009psirt@autodesk.com
Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Source: psirt@autodesk.com
Resource:
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

327Records found
CVE-2025-1650
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.36% / 59.03%
||
7 Day CHG+0.12%
Published-13 Mar, 2025 | 16:51
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Uninitialized Variable Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-1649
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.50% / 66.33%
||
7 Day CHG+0.16%
Published-13 Mar, 2025 | 16:51
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Uninitialized Variable Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-1427
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.77%
||
7 Day CHG+0.09%
Published-13 Mar, 2025 | 16:46
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Uninitialized Variable Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-5047
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.14%
||
7 Day CHG+0.08%
Published-15 Aug, 2025 | 14:37
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DGN File Parsing Uninitialized Variable Vulnerability

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_electricalautocad_ltcivil_3dadvance_steelautocad_map_3dautocad_plant_3dautocad_mepautocad_mechanicalautocad_architectureautocadAutoCAD ArchitectureAutoCADAutoCAD LTAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2024-23137
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-2.82% / 86.53%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 04:49
Updated-28 Aug, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dadvance_steelautocad_electricalautocad_map_3dautocad_mepautocadcivil_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-23159
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.80% / 74.64%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:33
Updated-13 Nov, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_mepautocadautocad_architecturecivil_3dautocad_mechanicalautocad_electricalautocad_plant_3dadvance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-8896
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.49% / 66.03%
||
7 Day CHG+0.03%
Published-29 Oct, 2024 | 21:43
Updated-26 Aug, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability

A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocadautocad_civil_3dautocad_electricalautocad_ltdwg_trueviewautocad_architectureautocad_mepAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-5042
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.14%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 16:02
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RFA File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitRevit LT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-5040
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.14%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 11:31
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RTE File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-5037
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.84%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 11:30
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RFA File Parsing Memory Corruption Vulnerability

A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5036
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.14%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 16:55
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RFA File Parsing Use-After-Free Vulnerability

A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-416
Use After Free
CVE-2021-40156
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 62.37%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40155
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 62.37%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40157
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.15%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 14:11
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40158
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.44% / 63.88%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-inventorautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepInventor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40159
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 57.38%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-inventorautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepInventor
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-40167
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 62.37%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk® Design Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-29068
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.20%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-aliasautocad_mechanicalnavisworksautocad_map_3dvredautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventormaya_usdautocad_plant_3dautocad_electricalautocad_ltinfraworksrevitAutodesk products
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1659
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.32%
||
7 Day CHG-0.08%
Published-01 Apr, 2025 | 12:28
Updated-26 Feb, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks SimulateNavisworks Freedom
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-7080
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.50% / 66.31%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 17:52
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitAutodesk FBX-SDK
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-29069
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.80% / 74.55%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 06:26
Updated-02 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.

Action-Not Available
Vendor-Autodesk Inc.
Product-desktop_connectorDesktop Connector
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37001
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.93%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:03
Updated-13 Nov, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_mepautocadautocad_architecturecivil_3dautocad_mechanicalautocad_electricalautocad_plant_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27915
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.18%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_architectureautocad_civil_3dautocad_plant_3dautocad_mechanicalautocad_advance_steelautocad_ltautocad_electricalautocad_map_3dautocadautocad_mepAutodesk AutoCAD
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27910
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.05%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitAutodesk FBX SDK
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27911
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.39%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitAutodesk FBX SDK
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27906
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.89%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-maya_usdAutodesk Maya USD Plugin
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-27913
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.14%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_architectureautocad_civil_3dautocad_plant_3dautocad_mechanicalautocad_advance_steelautocad_ltautocad_electricalautocad_map_3dautocadautocad_mepAutodesk AutoCAD
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-27914
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.89%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_architectureautocad_civil_3dautocad_plant_3dautocad_mechanicalautocad_advance_steelautocad_ltautocad_electricalautocad_map_3dautocadautocad_mepAutodesk AutoCAD
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27912
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.14%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_architectureautocad_civil_3dautocad_plant_3dautocad_mechanicalautocad_advance_steelautocad_ltautocad_electricalautocad_map_3dautocadautocad_mepAutodesk AutoCAD
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-27908
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.98%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-installerAutodesk installer
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-27907
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-maya_usdAutodesk Maya USD Plugin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2497
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.85%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:55
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWG File Parsing Stack-Based Buffer Vulnerability

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25003
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-aliasautocad_mechanicalnavisworksautocad_map_3dvredautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventormaya_usdautocad_plant_3dautocad_electricalautocad_ltinfraworksrevit AutoCAD, Maya
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-25005
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.98%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-27 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infraworksAutodesk InfraWorks
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-25006
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.16%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_max_usdAutodesk 3ds Max USD Plugin
CWE ID-CWE-416
Use After Free
CVE-2023-25002
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 55.80%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-vred3ds_maxrevitnavisworksMultiple
CWE ID-CWE-416
Use After Free
CVE-2023-25007
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_max_usdAutodesk 3ds Max USD Plugin
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2023-25001
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.03%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksNavisworks
CWE ID-CWE-416
Use After Free
CVE-2023-25008
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_max_usdAutodesk 3ds Max USD Plugin
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-25010
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-maya_usdAutodesk Maya USD Plugin
CWE ID-CWE-665
Improper Initialization
CVE-2023-25009
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_max_usdAutodesk 3ds Max USD Plugin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8598
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.28% / 52.30%
||
7 Day CHG+0.05%
Published-29 Oct, 2024 | 21:12
Updated-26 Aug, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1656
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.01%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:56
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Heap-based Overflow Vulnerability

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitAutoCAD ArchitectureAutoCADRevitAutoCAD LTAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1651
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 62.72%
||
7 Day CHG+0.13%
Published-13 Mar, 2025 | 16:51
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Heap-Based Buffer Overflow Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9458
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.46%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 18:01
Updated-08 May, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Memory Corruption Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-shared_componentsautocad_electricaladvance_steelautocad_map_3drevit_ltautocad_mep3ds_maxautocad_plant_3dinventorautocad_mechanicalautocadcivil_3drevitinfraworksvaultautocad_architectureShared Components
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1652
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.55% / 68.64%
||
7 Day CHG+0.17%
Published-13 Mar, 2025 | 16:51
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-1660
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.32%
||
7 Day CHG-0.08%
Published-01 Apr, 2025 | 12:29
Updated-26 Feb, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Memory Corruption Vulnerability

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks SimulateNavisworks Freedom
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1658
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 56.68%
||
7 Day CHG+0.02%
Published-01 Apr, 2025 | 12:27
Updated-26 Feb, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks SimulateNavisworks Freedom
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-1430
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 62.72%
||
7 Day CHG+0.13%
Published-13 Mar, 2025 | 16:48
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SLDPRT File Parsing Memory Corruption Vulnerability

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1433
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 62.22%
||
7 Day CHG+0.13%
Published-13 Mar, 2025 | 16:51
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found