CVE-2025-5048

EPSS 0.03%
Veröffentlicht 15.08.2025 14:38:22
Zuletzt bearbeitet 20.08.2025 21:22:13
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ Advance Steel Version2026

Autodesk ≫ Autocad Version2026

Autodesk ≫ Autocad Architecture Version2026

Autodesk ≫ Autocad Electrical Version2026

Autodesk ≫ Autocad Lt Version2026 SwPlatform-

Autodesk ≫ Autocad Map 3d Version2026

Autodesk ≫ Autocad Mechanical Version2026

Autodesk ≫ Autocad Mep Version2026

Autodesk ≫ Autocad Plant 3d Version2026

Autodesk ≫ Civil 3d Version2026

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.073

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@autodesk.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.autodesk.com/products/autodesk-access/overview

Product

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0017

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-5048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5048

EUVD