CVE-2025-5040

CWE-122Heap-based Buffer Overflow4 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 80.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Autodesk Revit
Timeline
PublishedJul 10
Latest updateAug 22

Description

A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5autodesk/revit20232023.1.8+3
NVDautodesk/revit20242024.3.3+2

🔴Vulnerability Details

2
GHSA
GHSA-5vfp-v42j-9fcc: A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability2025-07-10
CVEList
RTE File Parsing Heap-Based Overflow Vulnerability2025-07-10

📋Vendor Advisories

1
Red Hat
kernel: vfio/pds: Fix missing detach_ioas op2025-08-22
CVE-2025-5040 (HIGH CVSS 7.8) | A maliciously crafted RTE file | cvebase.io