Attack on Autodesk Revit via Maliciously Crafted DLL File
CVE-2024-11454

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Revit
Vendor: CVE Published:; 9 December 2024

Summary

A vulnerability exists in Autodesk Revit that allows for the execution of arbitrary code through a maliciously crafted DLL file. When this DLL is placed in the same directory as an RVT file, Autodesk Revit may improperly utilize an untrusted search path. This can lead to code being executed in the context of the current process, posing significant risks to the integrity and security of the user's system. Users are advised to apply the latest updates and follow best practices to safeguard their environments.

Affected Version(s)

Revit 2025 < 2025.4

References

https://autodesk.com/trust/security-advisories/adsk-sa-20...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Nov 19, 2024