ByteOS Network

NVD Vulnerability Details :

CVE-2025-10021

Awaiting Analysis

Source-8a9629cb-c5e7-4d2a-a894-111e8039b7ea

Published At-22 Dec, 2025 | 16:15

Updated At-23 Dec, 2025 | 14:51

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation units (Static Initialization Order Fiasco), the application accesses uninitialized memory. This results in application crash on startup, causing denial of service. Due to undefined behavior, memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	7.0	HIGH	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Amber

Type: Secondary

Version: 4.0

Base score: 7.0

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Amber

Weaknesses

CWE ID	Type	Source
CWE-457	Secondary	8a9629cb-c5e7-4d2a-a894-111e8039b7ea

CWE ID: CWE-457

Type: Secondary

Source: 8a9629cb-c5e7-4d2a-a894-111e8039b7ea

References

Hyperlink	Source	Resource
https://www.opendesign.com/security-advisories	8a9629cb-c5e7-4d2a-a894-111e8039b7ea	N/A

Hyperlink: https://www.opendesign.com/security-advisories

Source: 8a9629cb-c5e7-4d2a-a894-111e8039b7ea

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History