7.8

CVE-2025-1276

DWG File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AutodeskAdvance Steel Version >= 2023 < 2023.1.7
AutodeskAdvance Steel Version >= 2024 < 2024.1.7
AutodeskAdvance Steel Version >= 2025 < 2025.1.2
AutodeskAutocad SwPlatform- Version >= 2023 < 2023.1.7
AutodeskAutocad SwPlatform- Version >= 2024 < 2024.1.7
AutodeskAutocad SwPlatform- Version >= 2025 < 2025.1.2
AutodeskAutocad Architecture Version >= 2023 < 2023.1.7
AutodeskAutocad Architecture Version >= 2024 < 2024.1.7
AutodeskAutocad Architecture Version >= 2025 < 2025.1.2
AutodeskAutocad Electrical Version >= 2023 < 2023.1.7
AutodeskAutocad Electrical Version >= 2024 < 2024.1.7
AutodeskAutocad Electrical Version >= 2025 < 2025.1.2
AutodeskAutocad Lt SwPlatform- Version >= 2023 < 2023.1.7
AutodeskAutocad Lt SwPlatform- Version >= 2024 < 2024.1.7
AutodeskAutocad Lt SwPlatform- Version >= 2025 < 2025.1.2
AutodeskAutocad Map 3d Version >= 2023 < 2023.1.7
AutodeskAutocad Map 3d Version >= 2024 < 2024.1.7
AutodeskAutocad Map 3d Version >= 2025 < 2025.1.2
AutodeskAutocad Mechanical Version >= 2023 < 2023.1.7
AutodeskAutocad Mechanical Version >= 2024 < 2024.1.7
AutodeskAutocad Mechanical Version >= 2025 < 2025.1.2
AutodeskAutocad Mep Version >= 2023 < 2023.1.7
AutodeskAutocad Mep Version >= 2024 < 2024.1.7
AutodeskAutocad Mep Version >= 2025 < 2025.1.2
AutodeskAutocad Plant 3d Version >= 2023 < 2023.1.7
AutodeskAutocad Plant 3d Version >= 2024 < 2024.1.7
AutodeskAutocad Plant 3d Version >= 2025 < 2025.1.2
AutodeskCivil 3d Version >= 2023 < 2023.1.7
AutodeskCivil 3d Version >= 2024 < 2024.1.7
AutodeskCivil 3d Version >= 2025 < 2025.1.2
AutodeskDwg Trueview Version >= 2023 < 2023.1.7
AutodeskDwg Trueview Version >= 2024 < 2024.1.7
AutodeskDwg Trueview Version >= 2025 < 2025.1.2
AutodeskInfrastructure Parts Editor Version >= 2024 < 2024.1.7
AutodeskInfrastructure Parts Editor Version >= 2025 < 2025.1.2
AutodeskInventor Version >= 2024 < 2024.1.7
AutodeskInventor Version >= 2025 < 2025.1.2
AutodeskNavisworks Manage Version >= 2024 < 2024.1.7
AutodeskNavisworks Manage Version >= 2025 < 2025.1.2
AutodeskNavisworks Simulate Version >= 2024 < 2024.1.7
AutodeskNavisworks Simulate Version >= 2025 < 2025.1.2
AutodeskRevit Version >= 2024 < 2024.1.7
AutodeskRevit Version >= 2025 < 2025.1.2
AutodeskVault Version >= 2024 < 2024.1.7
AutodeskVault Version >= 2025 < 2025.1.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.156
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@autodesk.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004
Vendor Advisory
https://www.autodesk.com/products/autodesk-access/overview
https://www.autodesk.com/products/dwg-trueview/overview