AutoDesk Revit
By the Year
In 2025 there have been 15 vulnerabilities in AutoDesk Revit, with an average score of 7.8 out of ten. Last year, in 2024, Revit had 6 security vulnerabilities published. That is, 9 more vulnerabilities have already been reported in 2025 than in all of last year. The average CVE base score of the vulnerabilities in 2025 is also greater, by 0.38.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 15 | 7.80 |
| 2024 | 6 | 7.42 |
| 2023 | 4 | 7.80 |
| 2022 | 6 | 7.80 |
| 2021 | 2 | 7.80 |
It may take a day or so for new Revit vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent AutoDesk Revit Security Vulnerabilities
Autodesk Revit RFA Type Confusion via Malicious File
CVE-2025-8354
7.8 - High
- September 23, 2025
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Object Type Confusion
Autodesk PDF Reader Heap Overflow via Malformed PDF
CVE-2025-8894
7.8 - High
- September 16, 2025
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Out-of-Bounds Write in Autodesk PDF Parser via Malicious PDF
CVE-2025-8893
7.8 - High
- September 16, 2025
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk App RCE via Untrusted Search Path
CVE-2025-5039
7.8 - High
- July 24, 2025
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Autodesk Revit OOB Read via Malicious RFA File (CVE-2025-5042)
CVE-2025-5042
7.8 - High
- July 22, 2025
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Out-of-bounds Read
Revit Memory Corruption via Malicious RFA/RTE/RVT Files
CVE-2025-5037
7.8 - High
- July 10, 2025
A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Revit RTE Heap Overflow via Malicious RTE File
CVE-2025-5040
7.8 - High
- July 10, 2025
A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit RFA Use-After-Free via Malicious Import
CVE-2025-5036
7.8 - High
- June 02, 2025
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autodesk DWG OOB Write via Malicious DWG
CVE-2025-1276
7.8 - High
- April 15, 2025
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk PDF Heap Overflow CVE-2025-1273
CVE-2025-1273
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Revit OOB Write via Malicious RCS File
CVE-2025-1274
7.8 - High
- April 15, 2025
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Image Import (JPG) Heap Overflow via Malicious File
CVE-2025-1275
7.8 - High
- April 15, 2025
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk PDF Parser Memory Corruption Enables Arbitrary Code Exec
CVE-2025-1277
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Classic Buffer Overflow
CVE-2025-1656: Heap Overflow in Autodesk App via Malicious PDF
CVE-2025-1656
7.8 - High
- April 15, 2025
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Heap-based Buffer Overflow
Autodesk Revit DWG Buffer Overflow (Stack-Based)
CVE-2025-2497
7.8 - High
- April 15, 2025
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Revit DLL Search Order Hijacking Vulnerability
CVE-2024-11454
7.8 - High
- December 09, 2024
A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized.
Untrusted Path
Autodesk Revit PDF Parsing Out-of-Bounds Read Vulnerability
CVE-2024-11268
5.5 - Medium
- December 09, 2024
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
Out-of-bounds Read
Autodesk Revit SKP File Heap-based Overflow Vulnerability
CVE-2024-11608
7.8 - High
- December 09, 2024
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Out-of-Bounds Write in Autodesk Revit PDF Parser
CVE-2024-7993
7.8 - High
- October 16, 2024
A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Memory Corruption
CVE-2024-7994: Stack Overflow in Autodesk Revit RFA Parser
CVE-2024-7994
7.8 - High
- October 16, 2024
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Memory Corruption
Autodesk Revit DWG Stack Overflow Exploit
CVE-2024-37008
7.8 - High
- August 21, 2024
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Memory Corruption
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability
CVE-2023-25002
7.8 - High
- June 27, 2023
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Dangling pointer
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities
CVE-2023-25004
7.8 - High
- June 27, 2023
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Integer Overflow or Wraparound
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities
CVE-2023-29068
7.8 - High
- June 27, 2023
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Memory Corruption
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities
CVE-2023-25003
7.8 - High
- June 23, 2023
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
Out-of-bounds Read
A maliciously crafted TIF
CVE-2021-40162
7.8 - High
- October 07, 2022
A maliciously crafted TIF, PICT, TGA, or RLC file in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Out-of-bounds Read
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
CVE-2021-40163
7.8 - High
- October 07, 2022
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Memory Corruption
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files
CVE-2021-40164
7.8 - High
- October 07, 2022
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Memory Corruption
A maliciously crafted TIFF
CVE-2021-40165
7.8 - High
- October 07, 2022
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Memory Corruption
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object
CVE-2021-40166
7.8 - High
- October 07, 2022
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Dangling pointer
Autodesk AutoCAD product suite
CVE-2022-27871
7.8 - High
- June 21, 2022
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
Allocation of Resources Without Limits or Throttling
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
CVE-2021-40161
7.8 - High
- December 23, 2021
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
Memory Corruption
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file
CVE-2021-40160
7.8 - High
- December 23, 2021
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
Out-of-bounds Read