AutoDesk


Products by AutoDesk Sorted by Most Security Vulnerabilities since 2018

AutoDesk Autocad: 165 vulnerabilities
AutoDesk Autocad Architecture: 159 vulnerabilities
AutoDesk Autocad Electrical: 159 vulnerabilities
AutoDesk Autocad Mechanical: 159 vulnerabilities
AutoDesk Autocad Mep: 159 vulnerabilities
AutoDesk Autocad Plant 3d: 159 vulnerabilities
AutoDesk Autocad Map 3d: 137 vulnerabilities
AutoDesk Advance Steel: 97 vulnerabilities
AutoDesk Civil 3d: 96 vulnerabilities
AutoDesk Autocad Lt: 81 vulnerabilities
AutoDesk Autocad Civil 3d: 67 vulnerabilities
AutoDesk Autocad Advance Steel: 62 vulnerabilities
AutoDesk Navisworks: 47 vulnerabilities
AutoDesk Revit: 33 vulnerabilities
AutoDesk Dwg Trueview: 21 vulnerabilities
AutoDesk Inventor: 17 vulnerabilities
AutoDesk 3ds Max: 11 vulnerabilities
AutoDesk Shared Components: 10 vulnerabilities
AutoDesk Infraworks: 9 vulnerabilities
AutoDesk Fbx Review: 9 vulnerabilities
AutoDesk Maya Usd: 6 vulnerabilities
AutoDesk Fusion: 6 vulnerabilities
AutoDesk Vred: 5 vulnerabilities
AutoDesk 3ds Max Usd: 4 vulnerabilities
AutoDesk Installer: 4 vulnerabilities
AutoDesk Revit Lt: 4 vulnerabilities
AutoDesk Alias: 3 vulnerabilities
AutoDesk Maya: 3 vulnerabilities
AutoDesk Vault: 2 vulnerabilities
AutoDesk Navisworks Simulate: 2 vulnerabilities
AutoDesk Navisworks Manage: 2 vulnerabilities
AutoDesk Customer Portal: 2 vulnerabilities
AutoDesk Realdwg: 1 vulnerability

By the Year

In 2025 there have been 51 vulnerabilities in AutoDesk with an average score of 7.8 out of ten. Last year, in 2024, AutoDesk had 102 security vulnerabilities published. Right now, AutoDesk is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.11.




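| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2025 | 51 | 7.79 |
| 2024 | 102 | 7.69 |
| 2023 | 31 | 7.86 |
| 2022 | 73 | 7.81 |
| 2021 | 25 | 7.53 |
| 2020 | 7 | 7.57 |
| 2019 | 9 | 7.80 |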

It may take a day or so for new AutoDesk vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent AutoDesk Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-11797 Nov 12, 2025
Use-After-Free in Autodesk 3ds Max DWG Parser allows arbitrary code exec
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-11795 Nov 12, 2025
Autodesk 3ds Max OOB Write via Malformed JPG (CVE-2025-11795)
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-9458 Nov 07, 2025
Autodesk Memory Corruption via Malicious PRT File Parser RCE
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10885 Nov 06, 2025
Privilege Escalation via Unvalidated Binary Load in Windows
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM.
Installer
CVE-2025-8354 Sep 23, 2025
Autodesk Revit RFA Type Confusion via Malicious File
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Revit
Revit Lt
CVE-2025-10244 Sep 23, 2025
Autodesk Fusion XSS via Malicious HTML Payload
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
Fusion
CVE-2025-8892 Sep 22, 2025
Autodesk PRT memory corruption vulnerability (RCE)
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-8894 Sep 16, 2025
Autodesk PDF Reader Heap Overflow via Malformed PDF
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit
Autocad
Autocad Lt
And others...
CVE-2025-8893 Sep 16, 2025
Out-of-Bounds Write in Autodesk PDF Parser via Malicious PDF
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Revit
Autocad
Autocad Lt
And others...
CVE-2025-5046 Aug 15, 2025
AutoCAD OOBR via Malicious DGN File
A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Lt
Autocad Architecture
And others...
CVE-2025-5047 Aug 15, 2025
Uninitialized Variable in AutoCAD via Malicious DGN File – Crash or RCE
A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Lt
Autocad Architecture
And others...
CVE-2025-5048 Aug 15, 2025
AutoCAD DGN Import Memory Corruption (CVE-2025-5048)
A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Autocad
Autocad Lt
Autocad Architecture
And others...
CVE-2025-6634 Aug 06, 2025
Memory Corruption RCE via Malicious TGA in Autodesk 3ds Max
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-6632 Aug 06, 2025
3ds Max OOB Read via PSD Import
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-6633 Aug 06, 2025
Autodesk 3ds Max OOB Write via Malicious RBG File
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-5038 Jul 29, 2025
Autodesk X_T File Memory Corruption RCE
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
Autocad
Autocad Architecture
And others...
CVE-2025-5043 Jul 29, 2025
Heap Overflow via Malicious 3DM in Autodesk Products (CVE-2025-5043)
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
Autocad
Autocad Architecture
And others...
CVE-2025-6631 Jul 29, 2025
Autodesk Inventor OOB Write via Malicious PRT (CVE-2025-6631)
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
Inventor
CVE-2025-6635 Jul 29, 2025
Autodesk OOB Read via Malicious PRT File
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-6636 Jul 29, 2025
Autodesk PRT UAF Causing RCE
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-6637 Jul 29, 2025
Autodesk Inventor OOB Write in PRT Parser (CVE-2025-6637)
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
Inventor
CVE-2025-7497 Jul 29, 2025
Out-of-Bounds Write via Malicious PRT File in Autodesk Products (CVE-2025-7497)
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-7675 Jul 29, 2025
Autodesk 3DM OOB Write RCE via crafted file
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
Autocad
Autocad Architecture
And others...
CVE-2025-5039 Jul 24, 2025
Autodesk App RCE via Untrusted Search Path
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Infrastructure Parts Editor
Inventor
Navisworks Manage
And others...
CVE-2025-5042 Jul 22, 2025
Autodesk Revit OOB Read via Malicious RFA File (CVE-2025-5042)
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit
Revit Lt
CVE-2025-5037 Jul 10, 2025
Revit Memory Corruption via Malicious RFA/RTE/RVT Files
A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Revit
CVE-2025-5040 Jul 10, 2025
Revit RTE Heap Overflow via Malicious RTE File
A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit
CVE-2025-4605 Jun 11, 2025
Uncontrolled Memory Allocation in Autodesk Maya’s .usdc Loader Causing DoS
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
Maya
Universal Scene Description
CVE-2025-5335 Jun 10, 2025
Autodesk Installer Priv Escalation via Untrusted Search Path
A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.
Installer
CVE-2025-5036 Jun 02, 2025
Revit RFA Use-After-Free via Malicious Import
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit
CVE-2025-1274 Apr 15, 2025
Revit OOB Write via Malicious RCS File
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Revit
Autocad
Autocad Lt
And others...
CVE-2025-2497 Apr 15, 2025
Autodesk Revit DWG Buffer Overflow (Stack-Based)
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Revit
CVE-2025-1656 Apr 15, 2025
CVE-2025-1656: Heap Overflow in Autodesk App via Malicious PDF
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit
Autocad
Autocad Lt
And others...
CVE-2025-1277 Apr 15, 2025
Autodesk PDF Parser Memory Corruption Enables Arbitrary Code Exec
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Revit
Autocad
Autocad Lt
And others...
CVE-2025-1275 Apr 15, 2025
Autodesk Image Import (JPG) Heap Overflow via Malicious File
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad Mechanical
Autocad Mep
Autocad Plant 3d
And others...
CVE-2025-1273 Apr 15, 2025
Autodesk PDF Heap Overflow CVE-2025-1273
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit
Autocad
Autocad Lt
And others...
CVE-2025-1276 Apr 15, 2025
Autodesk DWG OOB Write via Malicious DWG
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Autocad Architecture
Autocad Electrical
Autocad Map 3d
And others...
CVE-2025-1660 Apr 01, 2025
Memory Corruption in Autodesk Navisworks DWFX Parser Allows RCE
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Navisworks
CVE-2025-1659 Apr 01, 2025
OOB Read in Autodesk Navisworks via Malicious DWFX File
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Navisworks
CVE-2025-1658 Apr 01, 2025
Out-of-Bounds Read in Autodesk Navisworks DWFX Parser
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Navisworks
CVE-2025-1429 Mar 13, 2025
AutoCAD Heap Overflow via Malformed MODEL File
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Architecture
Autocad Electrical
And others...
CVE-2025-1428 Mar 13, 2025
Autodesk AutoCAD CATPART OOB Read
A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Architecture
Autocad Electrical
And others...
CVE-2025-1427 Mar 13, 2025
AutoCAD Uninitialized Variable via Malicious CATPRODUCT File
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Architecture
Autocad Electrical
And others...
CVE-2025-1652 Mar 13, 2025
AutoCAD OOB Read Vulnerability in MODEL File Parsing
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Advance Steel
Civil 3d
And others...
CVE-2025-1650 Mar 13, 2025
Autodesk AutoCAD CATPRODUCT Uninitialized Variable Crash/Exec
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Architecture
Autocad Electrical
And others...
CVE-2025-1651 Mar 13, 2025
AutoCAD MODEL File Heap Overflow
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad Mechanical
Autocad Mep
Autocad Plant 3d
And others...
CVE-2025-1430 Mar 13, 2025
AutoCAD SLDPRT Parser Memory Corruption via Malicious File
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Autocad
Autocad Architecture
Autocad Electrical
And others...
CVE-2025-1431 Mar 13, 2025
AutoCAD OOB Read via SLDPRT file causing crash or code exec
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Architecture
Autocad Electrical
And others...
CVE-2025-1433 Mar 13, 2025
AutoCAD OOB Read via Malicious MODEL File
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Architecture
Autocad Electrical
And others...
CVE-2025-1432 Mar 13, 2025
UAF Vulnerability in Autodesk AutoCAD 3DM Parser
A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Architecture
Autocad Electrical
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).