
CVE-2025-5040 – RTE File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-5040
10 Jul 2025 — A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Revit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0012 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-5037 – RFA File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-5037
10 Jul 2025 — A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. This vulnerability allows remote attackers ... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0012 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-4605 – USD File Parsing Memory Allocation Vulnerability
https://notcve.org/view.php?id=CVE-2025-4605
11 Jun 2025 — A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011 • CWE-789: Memory Allocation with Excessive Size Value •

CVE-2025-5335 – Privilege Escalation due to Untrusted Search Path Vulnerability
https://notcve.org/view.php?id=CVE-2025-5335
10 Jun 2025 — A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0010 • CWE-426: Untrusted Search Path •

CVE-2025-5036 – RFA File Parsing Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2025-5036
02 Jun 2025 — A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009 • CWE-416: Use After Free •

CVE-2025-1274 – RCS File Parsing Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-1274
15 Apr 2025 — A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007 • CWE-787: Out-of-bounds Write •

CVE-2025-1277 – PDF File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2025-1277
15 Apr 2025 — A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-1656 – PDF File Parsing Heap-based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1656
15 Apr 2025 — A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-1273 – PDF File Parsing Heap-Based Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2025-1273
15 Apr 2025 — A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-2497 – DWG File Parsing Stack-Based Buffer Vulnerability
https://notcve.org/view.php?id=CVE-2025-2497
15 Apr 2025 — A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0005 • CWE-122: Heap-based Buffer Overflow •