Autodesk Autodesk

  1. Vendors
  2. Autodesk

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Autodesk product.

RSS Feeds for Autodesk security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Autodesk products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Autodesk Sorted by Most Security Vulnerabilities since 2018

Autodesk Autocad150 vulnerabilities

Autodesk Autocad Architecture144 vulnerabilities

Autodesk Autocad Electrical144 vulnerabilities

Autodesk Autocad Mechanical144 vulnerabilities

Autodesk Autocad Mep144 vulnerabilities

Autodesk Autocad Plant 3d144 vulnerabilities

Autodesk Autocad Map 3d122 vulnerabilities

Autodesk Advance Steel82 vulnerabilities

Autodesk Civil 3d81 vulnerabilities

Autodesk Autocad Lt69 vulnerabilities

Autodesk Autocad Civil 3d67 vulnerabilities

Autodesk Autocad Advance Steel62 vulnerabilities

Autodesk Navisworks47 vulnerabilities

Autodesk Revit24 vulnerabilities

Autodesk Dwg Trueview18 vulnerabilities

Autodesk Fbx Software Development Kit14 vulnerabilities

Autodesk Inventor11 vulnerabilities

Autodesk Infraworks9 vulnerabilities

Autodesk Fbx Review9 vulnerabilities

Autodesk Maya Usd6 vulnerabilities

Autodesk 3ds Max5 vulnerabilities

Autodesk 3ds Max Usd4 vulnerabilities

Autodesk Vred4 vulnerabilities

Autodesk Alias3 vulnerabilities

Autodesk Customer Portal2 vulnerabilities

Autodesk Installer1 vulnerability

Autodesk Desktop Connector1 vulnerability

By the Year

In 2025 there have been 20 vulnerabilities in Autodesk with an average score of 7.8 out of ten. Last year, in 2024 Autodesk had 98 security vulnerabilities published. Right now, Autodesk is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.03.




Year Vulnerabilities Average Score
2025 20 7.80
2024 98 7.77
2023 31 7.86
2022 73 7.81
2021 25 7.53
2020 7 7.57
2019 9 7.80
2018 0 0.00

It may take a day or so for new Autodesk vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Autodesk Security Vulnerabilities

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability

CVE-2025-1273 7.8 - High - April 15, 2025

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability

CVE-2025-1274 7.8 - High - April 15, 2025

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability

CVE-2025-1275 7.8 - High - April 15, 2025

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability

CVE-2025-1277 7.8 - High - April 15, 2025

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability

CVE-2025-1656 7.8 - High - April 15, 2025

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability

CVE-2025-2497 7.8 - High - April 15, 2025

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability

CVE-2025-1658 7.8 - High - April 01, 2025

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Out-of-bounds Read

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability

CVE-2025-1659 7.8 - High - April 01, 2025

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Out-of-bounds Read

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability

CVE-2025-1660 7.8 - High - April 01, 2025

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability

CVE-2025-1427 7.8 - High - March 13, 2025

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Use of Uninitialized Resource

A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability

CVE-2025-1428 7.8 - High - March 13, 2025

A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Out-of-bounds Read

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability

CVE-2025-1429 7.8 - High - March 13, 2025

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability

CVE-2025-1430 7.8 - High - March 13, 2025

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability

CVE-2025-1431 7.8 - High - March 13, 2025

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Out-of-bounds Read

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability

CVE-2025-1432 7.8 - High - March 13, 2025

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Dangling pointer

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability

CVE-2025-1433 7.8 - High - March 13, 2025

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Out-of-bounds Read

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability

CVE-2025-1649 7.8 - High - March 13, 2025

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Use of Uninitialized Resource

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability

CVE-2025-1650 7.8 - High - March 13, 2025

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Use of Uninitialized Resource

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability

CVE-2025-1651 7.8 - High - March 13, 2025

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability

CVE-2025-1652 7.8 - High - March 13, 2025

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Out-of-bounds Read

Autodesk Navisworks DWFX File Parsing Out-of-Bounds Write Vulnerability

CVE-2024-11422 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Memory Corruption Vulnerability

CVE-2024-12178 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Heap-based Overflow Vulnerability

CVE-2024-12179 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Out-of-Bounds Write Vulnerability

CVE-2024-12191 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks Out-of-Bounds Write Vulnerability in DWF File Parsing

CVE-2024-12192 7.8 - High - December 17, 2024

A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Out-of-Bounds Write Vulnerability

CVE-2024-12193 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Memory Corruption Vulnerability

CVE-2024-12194 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Out-of-Bounds Write Vulnerability

CVE-2024-12197 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Out-of-Bounds Write Vulnerability

CVE-2024-12671 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWF File Parsing Heap-based Overflow Vulnerability

CVE-2024-12670 7.8 - High - December 17, 2024

A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Heap-based Overflow Vulnerability

CVE-2024-12669 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Out-of-Bounds Write Vulnerability

CVE-2024-12200 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Out-of-Bounds Write Vulnerability

CVE-2024-12199 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Navisworks DWFX File Parsing Out-of-Bounds Write Vulnerability

CVE-2024-12198 7.8 - High - December 17, 2024

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Revit SKP File Heap-based Overflow Vulnerability

CVE-2024-11608 7.8 - High - December 09, 2024

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

Autodesk Revit DLL Search Order Hijacking Vulnerability

CVE-2024-11454 7.8 - High - December 09, 2024

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.

Untrusted Path

Autodesk Revit PDF Parsing Out-of-Bounds Read Vulnerability

CVE-2024-11268 5.5 - Medium - December 09, 2024

A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.

Out-of-bounds Read

A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability

CVE-2023-7298 8.8 - High - December 09, 2024

A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability

CVE-2024-9997 7.8 - High - October 29, 2024

A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability

CVE-2024-8600 7.8 - High - October 29, 2024

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability

CVE-2024-9996 7.8 - High - October 29, 2024

A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability

CVE-2024-9827 7.8 - High - October 29, 2024

A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Out-of-bounds Read

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability

CVE-2024-9826 7.8 - High - October 29, 2024

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Dangling pointer

A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability

CVE-2024-9489 7.8 - High - October 29, 2024

A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization

CVE-2024-8896 7.8 - High - October 29, 2024

A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Use of Uninitialized Resource

A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability

CVE-2024-8597 7.8 - High - October 29, 2024

A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability

CVE-2024-8594 7.8 - High - October 29, 2024

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability

CVE-2024-8595 7.8 - High - October 29, 2024

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Dangling pointer

A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability

CVE-2024-8596 7.8 - High - October 29, 2024

A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability

CVE-2024-8593 7.8 - High - October 29, 2024

A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.