CVE-2025-6636 — Use After Free in Shared Components

CWE-416 — Use After Free3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 85.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Shared Components

Timeline

PublishedJul 29

Description

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5autodesk/shared_components2026.2 — 2026.3

▶NVDautodesk/shared_components2026.2

🔴Vulnerability Details

CVEList

PRT File Parsing Use-After-Free Vulnerability↗2025-07-29

▶

GHSA

GHSA-wfrx-qcvf-27h6: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability↗2025-07-29

▶