Autodesk Revit vulnerabilities
34 known vulnerabilities affecting autodesk/revit.
Total CVEs
34
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH32MEDIUM2
Vulnerabilities
Page 1 of 2
CVE-2025-8354HIGHCVSS 7.8≥ 2026, < 2026.3≥ 2025, < 2025.4.4+1 more2025-09-23
CVE-2025-8354 [HIGH] CWE-843 CVE-2025-8354: A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulne
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-8894HIGHCVSS 7.8≥ 2025, < 2025.4.3≥ 2026, < 2026.3+1 more2025-09-16
CVE-2025-8894 [HIGH] CWE-122 CVE-2025-8894: A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Base
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-8893HIGHCVSS 7.8≥ 2025, < 2025.4.3≥ 2026, < 2026.3+1 more2025-09-16
CVE-2025-8893 [HIGH] CWE-787 CVE-2025-8893: A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-B
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-5039HIGHCVSS 7.8≥ 2026, < 2026.0.22025-07-24
CVE-2025-5039 [HIGH] CWE-426 CVE-2025-5039: A maliciously crafted binary file, when present while loading files in certain Autodesk applications
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
nvd
CVE-2025-5042HIGHCVSS 7.8≥ 2026, < 2026.2≥ 2025, < 2025.4.3+2 more2025-07-22
CVE-2025-5042 [HIGH] CWE-125 CVE-2025-5042: A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-5040HIGHCVSS 7.8≥ 2024, < 2024.3.3≥ 2025, < 2025.4.2+2 more2025-07-10
CVE-2025-5040 [HIGH] CWE-122 CVE-2025-5040: A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow
A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-5037HIGHCVSS 7.8≥ 2024, < 2024.3.3≥ 2025, < 2025.4.2+2 more2025-07-10
CVE-2025-5037 [HIGH] CWE-120 CVE-2025-5037: A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory
A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-5036HIGHCVSS 7.8≥ 2024, < 2024.3.3≥ 2025, < 2025.4.2+2 more2025-06-02
CVE-2025-5036 [HIGH] CWE-416 CVE-2025-5036: A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-F
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-1273HIGHCVSS 7.8≥ 2023, < 2023.1.7≥ 2024, < 2024.3.2+1 more2025-04-15
CVE-2025-1273 [HIGH] CWE-122 CVE-2025-1273: A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-1656HIGHCVSS 7.8≥ 2023, < 2023.1.7≥ 2024, < 2024.3.2+1 more2025-04-15
CVE-2025-1656 [HIGH] CWE-122 CVE-2025-1656: A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-1277HIGHCVSS 7.8≥ 2023, < 2023.1.7≥ 2024, < 2024.3.2+1 more2025-04-15
CVE-2025-1277 [HIGH] CWE-120 CVE-2025-1277: A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corrup
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-1276HIGHCVSS 7.8≥ 2024, < 2024.1.7≥ 2025, < 2025.1.22025-04-15
CVE-2025-1276 [HIGH] CWE-787 CVE-2025-1276: A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
nvd
CVE-2025-2497HIGHCVSS 7.8≥ 2024, < 2024.3.2≥ 2025, < 2025.4.12025-04-15
CVE-2025-2497 [HIGH] CWE-122 CVE-2025-2497: A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer O
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-1274HIGHCVSS 7.8≥ 2023, < 2023.1.7≥ 2024, < 2024.3.2+1 more2025-04-15
CVE-2025-1274 [HIGH] CWE-787 CVE-2025-1274: A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2025-1275HIGHCVSS 7.8≥ 2023, < 2023.1.7≥ 2024, < 2024.3.2+1 more2025-04-15
CVE-2025-1275 [HIGH] CWE-122 CVE-2025-1275: A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can forc
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2024-11454HIGHCVSS 7.8≥ 2025, < 2025.42024-12-09
CVE-2024-11454 [HIGH] CWE-426 CVE-2024-11454: A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.
cvelistv5nvd
CVE-2024-11608HIGHCVSS 7.8≥ 2023, < 2023.1.7≥ 2024, < 2024.3.2+1 more2024-12-09
CVE-2024-11608 [HIGH] CWE-122 CVE-2024-11608: A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2024-11268MEDIUMCVSS 5.5≥ 2024, < 2024.3.1≥ 2025, < 2025.42024-12-09
CVE-2024-11268 [MEDIUM] CWE-125 CVE-2024-11268: A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read.
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
cvelistv5nvd
CVE-2024-7994HIGHCVSS 7.8≥ 2024, < 2024.3≥ 2025, < 2025.3+2 more2024-10-16
CVE-2024-7994 [HIGH] CWE-121 CVE-2024-7994: A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer O
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
cvelistv5nvd
CVE-2024-7993HIGHCVSS 7.8≥ 2024, < 2024.2.2≥ 2025, < 2025.32024-10-16
CVE-2024-7993 [HIGH] CWE-787 CVE-2024-7993: A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write
A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
cvelistv5nvd
1 / 2Next →