Primary

Context

Autodesk Products Memory Corruption Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A memory corruption vulnerability has been identified in several Autodesk products, including AutoCAD 2026 and its specialized toolsets, as well as Autodesk Advance Steel, 3ds Max, Civil 3D, InfraWorks, Inventor, Revit, Revit LT, and Vault. This vulnerability arises when a maliciously crafted PRT file is parsed by the affected software, potentially allowing an attacker to execute arbitrary code within the context of the current process.

Impact

Exploitation of this vulnerability can lead to memory corruption, allowing for arbitrary code execution in the context of the current process.

Remediation

Users are advised to install the latest version of Autodesk Shared Components via Autodesk Access or the Accounts Portal. These shared component updates can be installed independently of the main Autodesk products.

Added: Nov 7, 2025, 6:17 PM

Updated: Nov 7, 2025, 6:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Autodesk Products Memory Corruption Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating