Use-After-Free Vulnerability in Autodesk Navisworks 2022 and 2023
CVE-2023-25001

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Navisworks
Vendor: CVE Published:; 27 June 2023

What is CVE-2023-25001?

A vulnerability exists in Autodesk Navisworks 2022 and 2023 due to improper handling of maliciously crafted SKP files. Specifically, an attacker can exploit this flaw by creating a specially designed SKP file that triggers a use-after-free condition, potentially allowing for unauthorized code execution within the application. Users of Autodesk Navisworks are encouraged to apply the latest security updates provided by Autodesk to mitigate this risk.

Affected Version(s)

Navisworks 2023, 2022

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2023
Vulnerability Reserved
Feb 1, 2023