Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-10881

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-15 Dec, 2025 | 23:39
Updated At-07 May, 2026 | 19:28
Rejected At-
Credits

CATPRODUCT File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:15 Dec, 2025 | 23:39
Updated At:07 May, 2026 | 19:28
Rejected At:
â–¼CVE Numbering Authority (CNA)
CATPRODUCT File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Affected Products
Vendor
Autodesk Inc.Autodesk
Product
Shared Components
CPEs
  • cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 1.8.0.7 before 1.9.0.7 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-Based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-Based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/products/autodesk-access/overview
patch
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024
vendor-advisory
Hyperlink: https://www.autodesk.com/products/autodesk-access/overview
Resource:
patch
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:16 Dec, 2025 | 00:15
Updated At:19 Dec, 2025 | 14:40

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Autodesk Inc.
autodesk
>>shared_components>>Versions before 2026.5(exclusive)
cpe:2.3:a:autodesk:shared_components:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>3ds_max>>2026
cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>2026
cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2026
cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2026
cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2026
cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2026
cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2026
cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2026
cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2026
cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>2026
cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>infraworks>>2026
cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>inventor>>2026
cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>revit>>2026
cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>revit_lt>>2026
cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>vault>>2026
cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondarypsirt@autodesk.com
CWE ID: CWE-122
Type: Secondary
Source: psirt@autodesk.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/products/autodesk-access/overviewpsirt@autodesk.com
Product
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024psirt@autodesk.com
Vendor Advisory
Hyperlink: https://www.autodesk.com/products/autodesk-access/overview
Source: psirt@autodesk.com
Resource:
Product
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024
Source: psirt@autodesk.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

796Records found
CVE-2024-8594
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:09
Updated-26 Aug, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Code Execution Vulnerability

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8587
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.61%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:03
Updated-03 Sep, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_mechanicalautocad_plant_3dadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutoCAD MEPAdvance SteelAutoCAD MAP 3DAutoCAD MechanicalCivil 3DAutoCADAutoCAD Plant 3DAutoCAD Architecture
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7673
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 24.98%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 20:29
Updated-26 Aug, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulatenavisworks_simulatenavisworks_managenavisworks_freedom
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9458
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.10%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 18:01
Updated-08 May, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Memory Corruption Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-shared_componentsautocad_electricaladvance_steelautocad_map_3drevit_ltautocad_mep3ds_maxautocad_plant_3dinventorautocad_mechanicalautocadcivil_3drevitinfraworksvaultautocad_architectureShared Components
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8894
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.50%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 14:19
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Heap-Based Buffer Overflow Vulnerability

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_mechanicalrevitautocad_plant_3dautocad_mepautocadadvance_steelautocad_ltautocad_electricalcivil_3dAutoCAD ArchitectureAutoCADRevitAutoCAD MechanicalAutoCAD LTAutoCAD MEPRevit LTAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-9457
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.53%
||
7 Day CHG-0.00%
Published-15 Dec, 2025 | 23:37
Updated-08 May, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Memory Corruption Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-shared_componentsautocad_electricaladvance_steelautocad_map_3drevit_ltautocad_mep3ds_maxautocad_plant_3dinventorautocad_mechanicalautocadcivil_3drevitinfraworksvaultautocad_architectureShared Components
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37001
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.72%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:03
Updated-13 Nov, 2025 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_mepautocadautocad_architecturecivil_3dautocad_mechanicalautocad_electricalautocad_plant_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23155
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.19% / 41.25%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:28
Updated-26 Aug, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocad_advance_steel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8591
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:08
Updated-26 Aug, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Code Execution Vulnerability

A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7674
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 24.98%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 20:30
Updated-26 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulatenavisworks_simulatenavisworks_managenavisworks_freedom
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23154
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.61% / 69.94%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:27
Updated-13 Nov, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_mepautocadautocad_architecturecivil_3dautocad_mechanicalautocad_electricalautocad_plant_3dadvance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3d
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23127
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.77%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 02:59
Updated-31 Dec, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocad_map_3dautocad_plant_3dautocad_architectureautocad_mechanicalautocadadvance_steelautocad_mepautocad_electricalAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27911
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.18%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitAutodesk FBX SDK
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5040
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.77%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 11:31
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RTE File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-5043
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:52
Updated-04 May, 2026 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
3DM File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared ComponentsAutoCAD
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-12670
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.77%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:28
Updated-13 Nov, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2497
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.78%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:55
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWG File Parsing Stack-Based Buffer Vulnerability

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12669
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.77%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:27
Updated-26 Aug, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1651
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.49%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:51
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Heap-Based Buffer Overflow Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1656
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.78%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:56
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Heap-based Overflow Vulnerability

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitAutoCAD ArchitectureAutoCADRevitAutoCAD LTAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1429
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.49%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:47
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Heap-Based Buffer Overflow Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1275
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.97%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:54
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JPG File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_ltdwg_trueviewautocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3drevitautocad_map_3dautocad_mepAutoCAD ArchitectureAutoCADRevitAutoCAD MechanicalAutoCAD LTAutoCAD MEPAutoCAD MAP 3DDWG TrueViewAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1273
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.78%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:56
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitAutoCAD ArchitectureAutoCADRevitAutoCAD LTAutoCAD MechanicalAutoCAD MEPAutoCAD MAP 3DAutoCAD ElectricalAdvance SteelCivil 3DAutoCAD Plant 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12179
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.51% / 66.51%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:19
Updated-26 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11608
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.69% / 72.07%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 17:53
Updated-26 Sep, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitrevit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10888
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.79%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:43
Updated-07 May, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Out-of-Bounds Write Vulnerability

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10883
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.79%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:40
Updated-07 May, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-10899
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.79%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:45
Updated-07 May, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Out-of-Bounds Write Vulnerability

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10887
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.31%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:42
Updated-07 May, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Memory Corruption Vulnerability

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-10889
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.79%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:43
Updated-07 May, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPART File Parsing Memory Corruption Vulnerability

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-10898
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.79%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:44
Updated-07 May, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Out-of-Bounds Write Vulnerability

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10885
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.36%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 17:01
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation Vulnerability

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM.

Action-Not Available
Vendor-Autodesk Inc.
Product-installerInstaller
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-10886
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.92%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:42
Updated-07 May, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Memory Corruption Vulnerability

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-10882
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.79%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:40
Updated-07 May, 2026 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X_T File Parsing Out-of-Bounds Write Vulnerability

AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-10884
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 6.79%
||
7 Day CHG-0.02%
Published-15 Dec, 2025 | 23:41
Updated-07 May, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPART File Parsing Out-of-Bounds Write Vulnerability

AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-9827
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.60%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:14
Updated-25 Apr, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Vulnerability

A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAutoCAD MEPAutoCAD ElectricalAutoCAD ArchitectureAdvance SteelAutoCADAutoCAD MAP 3DCivil 3DAutoCAD MechanicalAutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-9826
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.12%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:14
Updated-26 Aug, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Code Execution Vulnerability

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-416
Use After Free
CVE-2024-9996
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.53% / 67.22%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:45
Updated-26 Aug, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability

A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_ltautocadautocad_advance_steelautocad_plant_3ddwg_trueviewautocad_civil_3dautocad_mechanicalautocad_mepautocad_electricalautocad_architectureAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-9997
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.53% / 67.22%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:45
Updated-26 Aug, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_ltautocad_mepdwg_trueviewautocad_mechanicalautocad_civil_3dautocad_electricalautocadautocad_advance_steelautocad_architectureautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8600
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:14
Updated-26 Aug, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8598
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:12
Updated-26 Aug, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8593
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:08
Updated-26 Aug, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability

A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8589
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.60%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:07
Updated-26 Aug, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-8896
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.45% / 63.95%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:43
Updated-26 Aug, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability

A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocadautocad_civil_3dautocad_electricalautocad_ltdwg_trueviewautocad_architectureautocad_mepAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-8597
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.23% / 45.81%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:12
Updated-26 Aug, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD STEP File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8595
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.29% / 52.12%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:10
Updated-26 Aug, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD MODEL File Parsing Use-After-Free Code Execution Vulnerability

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-416
Use After Free
CVE-2024-8588
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.60%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:06
Updated-26 Aug, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-25001
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.68%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksNavisworks
CWE ID-CWE-416
Use After Free
CVE-2024-37003
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.20%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:12
Updated-13 Nov, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_mepautocadautocad_architecturecivil_3dautocad_mechanicalautocad_electricalautocad_plant_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7079
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 32.07%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 17:54
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-dynamo_bimAutodesk Dynamo BIM
CWE ID-CWE-426
Untrusted Search Path
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found