CVE-2025-6632

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 96.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk 3DS MAX

Timeline

PublishedAug 6

Description

A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5autodesk/3ds_max2026 — 2026.2

▶NVDautodesk/3ds_max2026 — 2026.2

🔴Vulnerability Details

CVEList

PSD File Parsing Out-of-Bounds Read Vulnerability↗2025-08-06

▶

GHSA

GHSA-4rvv-q3vw-9wwv: A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability↗2025-08-06

▶