CVE-2025-4605

Summary

A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.

Affected Software

VendorProductVersion RangeStatus
AutodeskUSD for MayaMaya USD 0.31.0 < Maya USD 0.32.0affected
AutodeskUSD for 3ds MaxMax USD 0.10 < Max USD 0.11affected
AutodeskMaya2025 < 2025.3.1affected

Weaknesses

  • CWE-789: CWE-789 Memory Allocation with Excessive Size Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References