Autodesk Autocad Map 3D vulnerabilities

CVE-2025-8894 [HIGH] CWE-122 CVE-2025-8894: A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Base A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-8893 [HIGH] CWE-787 CVE-2025-8893: A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-B A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-5047 [HIGH] CWE-457 CVE-2025-5047: A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Var A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-5046 [HIGH] CWE-125 CVE-2025-5046: A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-B A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-5048 [HIGH] CWE-120 CVE-2025-5048: A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Co A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2025-7675 [HIGH] CWE-787 CVE-2025-7675: A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-B A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-5038 [HIGH] CWE-120 CVE-2025-5038: A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Co A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2025-5043 [HIGH] CWE-122 CVE-2025-5043: A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-5039 [HIGH] CWE-426 CVE-2025-5039: A maliciously crafted binary file, when present while loading files in certain Autodesk applications A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

CVE-2025-1273 [HIGH] CWE-122 CVE-2025-1273: A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1656 [HIGH] CWE-122 CVE-2025-1656: A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1277 [HIGH] CWE-120 CVE-2025-1277: A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corrup A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2025-1276 [HIGH] CWE-787 CVE-2025-1276: A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out- A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-1274 [HIGH] CWE-787 CVE-2025-1274: A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-1275 [HIGH] CWE-122 CVE-2025-1275: A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can forc A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1431 [HIGH] CWE-125 CVE-2025-1431: A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1650 [HIGH] CWE-457 CVE-2025-1650: A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitiali A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1428 [HIGH] CWE-125 CVE-2025-1428: A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1427 [HIGH] CWE-457 CVE-2025-1427: A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitiali A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1649 [HIGH] CWE-457 CVE-2025-1649: A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitiali A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.