ByteOS Network

CVE-2025-5039

Assigner-Autodesk

View Details

Assigner-Autodesk

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.66%

||

7 Day CHG~0.00%

Published-24 Jul, 2025 | 17:11

Updated-19 Aug, 2025 | 14:15

Privilege Ecalation due to Untrusted Search Path Vulnerability

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

Vendor-Autodesk Inc.

Product-infrastructure_parts_editor vault inventor navisworks_manage navisworks_simulate revit AutoCAD Mechanical AutoCAD Architecture AutoCAD Plant 3D Civil 3D AutoCAD Electrical AutoCAD LT AutoCAD MEP Advance Steel AutoCAD AutoCAD MAP 3D RealDWG

CWE ID-CWE-426

Untrusted Search Path

CVE-2025-1276

Assigner-Autodesk

View Details

Assigner-Autodesk

CVSS Score-7.8||HIGH

EPSS-0.03% / 5.15%

||

7 Day CHG-0.00%

Published-15 Apr, 2025 | 20:55

Updated-19 Aug, 2025 | 13:15

DWG File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-7675

Assigner-Autodesk

View Details

Assigner-Autodesk

CVSS Score-7.8||HIGH

EPSS-0.12% / 31.31%

||

7 Day CHG~0.00%

Published-30 Sep, 2024 | 20:30

Updated-26 Aug, 2025 | 18:23

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Vendor-Autodesk Inc.

Product-navisworks Navisworks Manage Navisworks Freedom Navisworks Simulate navisworks_simulate navisworks_manage navisworks_freedom

CWE ID-CWE-416

Use After Free

CVE-2024-7674

Assigner-Autodesk

View Details

Assigner-Autodesk

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.69%

||

7 Day CHG~0.00%

Published-30 Sep, 2024 | 20:30

Updated-26 Aug, 2025 | 19:15

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Vendor-Autodesk Inc.

Product-navisworks Navisworks Manage Navisworks Freedom Navisworks Simulate navisworks_simulate navisworks_manage navisworks_freedom

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-7673

Assigner-Autodesk

View Details

Assigner-Autodesk

CVSS Score-7.8||HIGH

EPSS-0.02% / 4.69%

||

7 Day CHG~0.00%

Published-30 Sep, 2024 | 20:29

Updated-26 Aug, 2025 | 18:16

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Vendor-Autodesk Inc.

Product-navisworks Navisworks Manage Navisworks Freedom Navisworks Simulate navisworks_simulate navisworks_manage navisworks_freedom

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-7672

Assigner-Autodesk

View Details

Assigner-Autodesk

CVSS Score-7.8||HIGH

EPSS-0.09% / 25.82%

||

7 Day CHG~0.00%

Published-30 Sep, 2024 | 20:29

Updated-26 Aug, 2025 | 19:15

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Vendor-Autodesk Inc.

Product-navisworks Navisworks Manage Navisworks Freedom Navisworks Simulate navisworks_simulate navisworks_manage navisworks_freedom

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-7671

Assigner-Autodesk

View Details

Assigner-Autodesk

CVSS Score-7.8||HIGH

EPSS-0.09% / 25.82%

||

7 Day CHG~0.00%

Published-30 Sep, 2024 | 20:28

Updated-26 Aug, 2025 | 18:15

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Vendor-Autodesk Inc.

Product-navisworks Navisworks Manage Navisworks Freedom Navisworks Simulate navisworks_simulate navisworks_manage navisworks_freedom

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-7670

Assigner-Autodesk

View Details

Assigner-Autodesk

CVSS Score-7.8||HIGH

EPSS-0.09% / 25.82%

||

7 Day CHG~0.00%

Published-30 Sep, 2024 | 20:25

Updated-26 Aug, 2025 | 18:09

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Vendor-Autodesk Inc.

Product-navisworks Navisworks Manage Navisworks Freedom Navisworks Simulate navisworks_simulate navisworks_manage navisworks_freedom

CWE ID-CWE-125

Out-of-bounds Read

navisworks_simulate

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -