Description

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Related CPE's

a

autodesk

shared_components

Vulnerable

a

autodesk

3ds_max

2026

a

autodesk

advance_steel

2026

a

autodesk

autocad

2026

a

autodesk

autocad_architecture

2026

a

autodesk

autocad_electrical

2026

a

autodesk

autocad_map_3d

2026

a

autodesk

autocad_mechanical

2026

a

autodesk

autocad_mep

2026

a

autodesk

autocad_plant_3d

2026

a

autodesk

civil_3d

2026

a

autodesk

infraworks

2026

-

a

autodesk

inventor

2026

a

autodesk

revit

2026

a

autodesk

revit_lt

2026

a

autodesk

vault

2026

References

https://www.autodesk.com/products/autodesk-access/overview

Product

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-16T00:16:01.007

3 days ago

Last modified

2025-12-19T14:40:24.787

4 hours ago