Vulnerabilities > CVE-2023-25002 - Use After Free vulnerability in Autodesk products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

autodesk

CWE-416

NVD

Published: 2023-06-27

Updated: 2023-07-06

Summary

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Vulnerable Configurations

Part	Description	Count
Application	Autodesk Autodesk Navisworks 2022 Autodesk Navisworks 2023 Autodesk Revit 2022 Autodesk Revit 2023 Autodesk 3DS MAX 2022 Autodesk 3DS MAX 2023 Autodesk Vred 2023	7

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002