CVE-2025-10881

Published: Dec 16, 2025Modified: Dec 19, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@autodesk.com

Description

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Affected (1)

Products: Autodesk: Shared Components

Autodesk

1 product

Shared Components

Configuration A

1 vulnerable · 15 platform

Vulnerable Software	Affected Versions
Autodesk Shared Components	Before 2026.5

Running on/with	Platform Versions
Autodesk 3ds Max	Version 2026
Autodesk Advance Steel	Version 2026
Autodesk Autocad	Version 2026
Autodesk Autocad Architecture	Version 2026
Autodesk Autocad Electrical	Version 2026
Autodesk Autocad Map 3d	Version 2026
Autodesk Autocad Mechanical	Version 2026
Autodesk Autocad Mep	Version 2026
Autodesk Autocad Plant 3d	Version 2026
Autodesk Civil 3d	Version 2026
Autodesk Infraworks	Version 2026
Autodesk Inventor	Version 2026
Autodesk Revit	Version 2026
Autodesk Revit Lt	Version 2026
Autodesk Vault	Version 2026

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (2)

https://www.autodesk.com/products/autodesk-access/overview

Source: psirt@autodesk.com

Product

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Source: psirt@autodesk.com

Vendor Advisory

Timeline

No history available yet.