CVE-2025-5039

CWE-4263 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 85.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Advance Steel Autodesk Autocad Autodesk Autocad Architecture +14 more

Timeline

PublishedJul 24

Description

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages17 packages

▶NVDautodesk/revit2026 — 2026.0.2

▶NVDautodesk/vault2026 — 2026.0.2

▶CVEListV5autodesk/autocad2026 — 2026.1

▶CVEListV5autodesk/realdwg2026 — 2026.0.2

▶CVEListV5autodesk/civil_3d2026 — 2026.1

🔴Vulnerability Details

GHSA

GHSA-4c85-w99g-9v4w: A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the↗2025-07-24

▶

CVEList

Privilege Ecalation due to Untrusted Search Path Vulnerability↗2025-07-24

▶