Autodesk 3DM OOB Write RCE via crafted file
CVE-2025-7675 Published on July 29, 2025

3DM File Parsing Out-of-Bounds Write Vulnerability
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-7675 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2025-7675 has been classified to as a Memory Corruption vulnerability or weakness.

Products Associated with CVE-2025-7675

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-7675 are published in these products:

AutoDesk Shared Components

AutoDesk Autocad

AutoDesk Autocad Architecture

AutoDesk Autocad Electrical

AutoDesk Autocad Map 3d

AutoDesk Autocad Mechanical

AutoDesk Autocad Mep

AutoDesk Autocad Plant 3d

AutoDesk Civil 3d

AutoDesk Advance Steel

Affected Versions

Autodesk Shared Components:

Version 2026.2 and below 2026.3 is affected.

Autodesk AutoCAD:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD Architecture:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD Electrical:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD MAP 3D:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD Mechanical:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD MEP:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD Plant 3D:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk Civil 3D:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk Advance Steel:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Exploit Probability

EPSS

0.03%

Percentile

8.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Autodesk 3DM OOB Write RCE via crafted fileCVE-2025-7675 Published on July 29, 2025

Vulnerability Analysis

Weakness Type

What is a Memory Corruption Vulnerability?

Products Associated with CVE-2025-7675

Affected Versions

Exploit Probability

Autodesk 3DM OOB Write RCE via crafted file
CVE-2025-7675 Published on July 29, 2025