AutoDesk Advance Steel
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in AutoDesk Advance Steel.
By the Year
In 2025 there have been 25 vulnerabilities in AutoDesk Advance Steel with an average score of 7.8 out of ten. Last year, in 2024 Advance Steel had 51 security vulnerabilities published. Right now, Advance Steel is on track to have less security vulnerabilities in 2025 than it did last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2025 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 25 | 7.80 |
| 2024 | 51 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 10 | 7.80 |
| 2021 | 6 | 7.05 |
| 2020 | 0 | 0.00 |
| 2019 | 5 | 7.80 |
It may take a day or so for new Advance Steel vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent AutoDesk Advance Steel Security Vulnerabilities
Autodesk PDF Reader Heap Overflow via Malformed PDF
CVE-2025-8894
7.8 - High
- September 16, 2025
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Out-of-Bounds Write in Autodesk PDF Parser via Malicious PDF
CVE-2025-8893
7.8 - High
- September 16, 2025
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
AutoCAD DGN Import Memory Corruption (CVE-2025-5048)
CVE-2025-5048
7.8 - High
- August 15, 2025
A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Classic Buffer Overflow
Uninitialized Variable in AutoCAD via Malicious DGN File – Crash or RCE
CVE-2025-5047
7.8 - High
- August 15, 2025
A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Use of Uninitialized Variable
AutoCAD OOBR via Malicious DGN File
CVE-2025-5046
7.8 - High
- August 15, 2025
A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
Autodesk 3DM OOB Write RCE via crafted file
CVE-2025-7675
7.8 - High
- July 29, 2025
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Heap Overflow via Malicious 3DM in Autodesk Products (CVE-2025-5043)
CVE-2025-5043
7.8 - High
- July 29, 2025
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Autodesk X_T File Memory Corruption RCE
CVE-2025-5038
7.8 - High
- July 29, 2025
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Classic Buffer Overflow
CVE-2025-1656: Heap Overflow in Autodesk App via Malicious PDF
CVE-2025-1656
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Autodesk DWG OOB Write via Malicious DWG
CVE-2025-1276
7.8 - High
- April 15, 2025
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Image Import (JPG) Heap Overflow via Malicious File
CVE-2025-1275
7.8 - High
- April 15, 2025
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Revit OOB Write via Malicious RCS File
CVE-2025-1274
7.8 - High
- April 15, 2025
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk PDF Parser Memory Corruption Enables Arbitrary Code Exec
CVE-2025-1277
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Classic Buffer Overflow
Autodesk PDF Heap Overflow CVE-2025-1273
CVE-2025-1273
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
AutoCAD Uninitialized Variable via Malicious CATPRODUCT File
CVE-2025-1427
7.8 - High
- March 13, 2025
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Use of Uninitialized Resource
Autodesk AutoCAD CATPART OOB Read
CVE-2025-1428
7.8 - High
- March 13, 2025
A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
AutoCAD Heap Overflow via Malformed MODEL File
CVE-2025-1429
7.8 - High
- March 13, 2025
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
AutoCAD SLDPRT Parser Memory Corruption via Malicious File
CVE-2025-1430
7.8 - High
- March 13, 2025
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
AutoCAD OOB Read via SLDPRT file causing crash or code exec
CVE-2025-1431
7.8 - High
- March 13, 2025
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
UAF Vulnerability in Autodesk AutoCAD 3DM Parser
CVE-2025-1432
7.8 - High
- March 13, 2025
A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Dangling pointer
AutoCAD OOB Read Vulnerability in MODEL File Parsing
CVE-2025-1652
7.8 - High
- March 13, 2025
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
AutoCAD OOB Read via Malicious MODEL File
CVE-2025-1433
7.8 - High
- March 13, 2025
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
Uninitialized Variable in AutoCAD via CATPRODUCT File
CVE-2025-1649
7.8 - High
- March 13, 2025
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Use of Uninitialized Resource
Autodesk AutoCAD CATPRODUCT Uninitialized Variable Crash/Exec
CVE-2025-1650
7.8 - High
- March 13, 2025
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Use of Uninitialized Resource
AutoCAD MODEL File Heap Overflow
CVE-2025-1651
7.8 - High
- March 13, 2025
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Autocad odxsw_dll.dll Heap Buffer Overflow via SLDPRT
CVE-2024-8587
7.8 - High
- October 29, 2024
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
OOB Write in Autodesk AutoCAD AdDwfPdk.dll via Malicious DWF
CVE-2024-7305
- August 20, 2024
A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
UAF via Malicious IGES in Autodesk AutoCAD ASMImport.dll
CVE-2024-23158
- June 25, 2024
A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Dangling pointer
AutoCAD odxug DLL OOB Write via .PRT File
CVE-2024-23150
- June 25, 2024
A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Out-of-Bounds Write in AutoCAD ASMkern229A.dll via crafted 3DM file
CVE-2024-23151
- June 25, 2024
A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk opennurbs.dll OOB Read via crafted 3DM file
CVE-2024-23152
- June 25, 2024
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
OOB Read in Autodesk libodx.dll via malicious MODEL file
CVE-2024-23153
- June 25, 2024
A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
Heap Overflow in Autodesk Inventor via ODXSW_DLL.dll SLDPRT
CVE-2024-23154
- June 25, 2024
A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Heap BOF in Autodesk atf_asm_interface.dll via Malicious MODEL File
CVE-2024-23155
- June 25, 2024
A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk 3DM Parsing CVE-2024-23156: 3DM Memory Corruption via opennurbs.dll
CVE-2024-23156
- June 25, 2024
A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Memory Corruption
Inventor ODXSW_DLL Unexpected GLB Mem Corruption via Malicious SolidWorks File
CVE-2024-23157
- June 25, 2024
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Memory Corruption
Uninitialized Variable in Autodesk AutoCAD STP Parser Enables Code Execution
CVE-2024-23159
- June 25, 2024
A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Use of Uninitialized Resource
OOB Write in AutoCAD opennurbs.dll via Malicious 3DM
CVE-2024-36999
- June 25, 2024
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Stack Overflow in Autodesk openNURBS DLL via DWG/SLDPRT
CVE-2024-37003
- June 25, 2024
A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk ASMKERN229A.dll UAF via SLDPRT file
CVE-2024-37004
- June 25, 2024
A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Dangling pointer
Autodesk pskernel.DLL OOB Read via X_B File
CVE-2024-37005
- June 25, 2024
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
Autodesk CC5Dll.dll Mem Corruption via Malicious CATPRODUCT
CVE-2024-37006
- June 25, 2024
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Memory Corruption
Use-After-Free in Autodesk pskernel.DLL via X_B/X_T files
CVE-2024-37007
- June 25, 2024
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Dangling pointer
Autodesk Revit Heap Overflow via Malicious 3DM File in opennurbs.dll
CVE-2024-37001
- June 25, 2024
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Opennurbs DLL OOB Read via Malicious PRT File
CVE-2024-23145
- June 25, 2024
A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
AutoCAD pskernel.DLL OOB Write via X_B/X_T Files
CVE-2024-23146
- June 25, 2024
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Memory Corruption via Malicious CATPART/X_B/STEP in ASMKERN DLLs
CVE-2024-23147
- June 25, 2024
A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Memory Corruption
Memory Corruption via Malformed CATPRODUCT in Autodesk CC5Dll.dll
CVE-2024-23148
- June 25, 2024
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Memory Corruption
Autodesk ODXSW_DLL.dll OOB Read via SLDDRW File
CVE-2024-23149
- June 25, 2024
A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autodesk psKernel DLL memory corruption via malicious X_B file
CVE-2024-37000
- June 25, 2024
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for AutoDesk Advance Steel or by AutoDesk? Click the Watch button to subscribe.
