Multiple vulnerabilities in Autodesk Products



Risk: High
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2025-1274, CVE-2025-1276, CVE-2025-1277, CVE-2025-1656, CVE-2025-1273, CVE-2025-2497, CVE-2025-1275
CWE-ID: CWE-787, CWE-119, CWE-122, CWE-121
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Revit
Client/Desktop applications / Multimedia software

AutoCAD Architecture
Client/Desktop applications / Multimedia software

AutoCAD Electrical
Client/Desktop applications / Multimedia software

AutoCAD Map 3D
Client/Desktop applications / Multimedia software

AutoCAD Mechanical
Client/Desktop applications / Multimedia software

AutoCAD MEP
Client/Desktop applications / Multimedia software

AutoCAD Plant 3D
Client/Desktop applications / Multimedia software

Advance Steel
Client/Desktop applications / Multimedia software

Autodesk Civil 3D
Client/Desktop applications / Multimedia software

AutoCAD LT
Client/Desktop applications / Multimedia software

Infrastructure Parts Editor
Client/Desktop applications / Multimedia software

Autodesk AutoCAD
Other software / Other software solutions

Autodesk Navisworks Manage
Other software / Other software solutions

Autodesk Navisworks Simulate
Other software / Other software solutions

Autodesk Vault Basic Client
Other software / Other software solutions

Autodesk Inventor
Client/Desktop applications / Other client software

Vendor: Autodesk

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU107484

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1274

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted RCS file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Revit: 2025 - 2025.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU107492

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1276

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted DWG file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Autodesk AutoCAD: 2023 - 2025.1.1

AutoCAD Architecture: 2023 - 2025.1.1

AutoCAD Electrical: 2023 - 2025.1.1

AutoCAD Map 3D: 2023 - 2025

AutoCAD Mechanical: 2023 - 2025.1.1

AutoCAD MEP: 2023 - 2025.1.1

AutoCAD Plant 3D: 2023 - 2025.1.1

Advance Steel: 2023 - 2025.1.1

Autodesk Civil 3D: 2023 - 2025.1.1

AutoCAD LT: 2023 - 2025.1.1

Infrastructure Parts Editor: 2025

Autodesk Inventor: 2025

Autodesk Navisworks Manage: 2025

Autodesk Navisworks Simulate: 2025

Revit: 2025

Autodesk Vault Basic Client: 2025

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU107490

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1277

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Revit: 2025 - 2025.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU107488

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1656

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim into opening a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Revit: 2025 - 2025.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Heap-based buffer overflow

EUVDB-ID: #VU107487

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1273

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim into opening a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Revit: 2025 - 2025.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU107486

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-2497

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trick a victim into opening a specially crafted DWG file, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Revit: 2025 - 2025.4

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0005


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU107485

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1275

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim into opening a specially crafted JPG file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Revit: 2025 - 2025.4

Autodesk AutoCAD: 2023 - 2025.1.1

AutoCAD Architecture: 2023 - 2025.1.1

AutoCAD Electrical: 2023 - 2025.1.1

AutoCAD Mechanical: 2023 - 2025.1.1

AutoCAD MEP: 2023 - 2025.1.1

AutoCAD Plant 3D: 2023 - 2025.1.1

Autodesk Civil 3D: 2023 - 2025.1.1

Advance Steel: 2023 - 2025.1.1

AutoCAD Map 3D: 2023 - 2025

AutoCAD LT: 2023 - 2025.1.1

External links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0006


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


