CVE-2025-5039
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Autodesk | AutoCAD | 2026 < 2026.1 | affected |
| Autodesk | AutoCAD LT | 2026 < 2026.1 | affected |
| Autodesk | RealDWG | 2026 < 2026.0.2 | affected |
| Autodesk | 3ds Max | 2027 < 2027.1 | affected |
| Autodesk | 3ds Max | 2026 < 2026.3.3 | affected |
Weaknesses
- CWE-426: CWE-426 Untrusted Search Path
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.autodesk.com/products/autodesk-access/overview
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.