
CVE-2025-6636 – PRT File Parsing Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2025-6636
29 Jul 2025 — A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede generar una vulnerabilidad de uso después de la liberación. Un agente malicioso puede aprovechar esta vulnerabilidad para provoca... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015 • CWE-416: Use After Free •

CVE-2025-6637 – PRT File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-6637
29 Jul 2025 — A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los límites. Un agente malicioso podría aprovechar esta vulnerabilidad pa... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015 • CWE-787: Out-of-bounds Write •

CVE-2025-7497 – PRT File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-7497
29 Jul 2025 — A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los límites. Un agente malicioso podría aprovechar esta vulnerabilidad pa... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015 • CWE-787: Out-of-bounds Write •

CVE-2025-7675 – 3DM File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-7675
29 Jul 2025 — A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. Un archivo 3DM manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los límites. Un agente malicioso podría aprovechar esta vulnerabilidad pa... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015 • CWE-787: Out-of-bounds Write •

CVE-2025-5039 – Privilege Ecalation due to Untrusted Search Path Vulnerability
https://notcve.org/view.php?id=CVE-2025-5039
24 Jul 2025 — A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized. Un archivo binario manipulado con fines malintencionados, cuando está presente durante la carga de archivos en ciertas aplicaciones de Autodesk, podría provocar la ejecución de código arbitrario en el contexto del proceso actual debido al uso de una ruta de búsqueda no confiable. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014 • CWE-426: Untrusted Search Path •

CVE-2025-5042 – RFA File Parsing Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2025-5042
22 Jul 2025 — A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0013 • CWE-125: Out-of-bounds Read •

CVE-2025-5040 – RTE File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-5040
10 Jul 2025 — A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0012 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-5037 – RFA File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-5037
10 Jul 2025 — A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. This vulnerability allows remote attackers ... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0012 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-4605 – USD File Parsing Memory Allocation Vulnerability
https://notcve.org/view.php?id=CVE-2025-4605
11 Jun 2025 — A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011 • CWE-789: Memory Allocation with Excessive Size Value •

CVE-2025-5335 – Privilege Ecalation due to Untrusted Search Path Vulnerability
https://notcve.org/view.php?id=CVE-2025-5335
10 Jun 2025 — A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution. • https://emsfs.autodesk.com/utility/odis/1/installer/latest/AdODIS-installer.exe • CWE-426: Untrusted Search Path •