CVE-2025-8354
published 2025-09-23CVE-2025-8354: A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| autodesk | revit | >= 2024 < 2024.3.4 | 2024.3.4 |
| autodesk | revit | >= 2025 < 2025.4.4 | 2025.4.4 |
| autodesk | revit | >= 2026 < 2026.3 | 2026.3 |
| autodesk | revit_lt | >= 2024 < 2024.3.4 | 2024.3.4 |
| autodesk | revit_lt | >= 2025 < 2025.4.4 | 2025.4.4 |
| autodesk | revit_lt | >= 2026 < 2026.3 | 2026.3 |
| msrc | azl3_qemu_8.2.0-17_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_8.2.0-19_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_8.2.0-21_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_8.2.0-23_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_8.2.0-25_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_8.2.0-27_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_9.1.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_9.1.0-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_qemu_6.2.0-25_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_qemu_6.2.0-26_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_qemu_6.2.0-27_on_cbl_mariner_2.0 | — | — |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.28 | 1:6.2+dfsg-2ubuntu6.28 |
| qemu | qemu | >= 0 < 1:8.2.2+ds-0ubuntu1.13 | 1:8.2.2+ds-0ubuntu1.13 |
| qemu | qemu | >= 0 < 1:10.1.0+ds-5ubuntu2.4 | 1:10.1.0+ds-5ubuntu2.4 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv5.5MEDIUM