Memory Corruption Flaw in Autodesk AutoCAD and Navisworks Products
CVE-2022-25791

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Autodesk Advanced Steel, Civil 3d, Autocad, Autocad Lt, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d
Vendor: CVE Published:; 11 April 2022

What is CVE-2022-25791?

A memory corruption flaw has been identified in Autodesk AutoCAD and Navisworks products, affecting various versions. This vulnerability can be exploited through maliciously crafted DWF and DWFX files, potentially leading to unauthorized code execution via DLL files. Users are advised to apply recommended security measures to mitigate risks associated with this issue.

Affected Version(s)

Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D 2022.1.1

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2022
Vulnerability Reserved
Feb 22, 2022