Memory Corruption Vulnerability in Autodesk Navisworks
CVE-2024-12178

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Navisworks Freedom; Navisworks Simulate; Navisworks Manage
Vendor: CVE Published:; 17 December 2024

What is CVE-2024-12178?

CVE-2024-12178 describes a significant memory corruption vulnerability found in Autodesk's Navisworks software. This vulnerability arises when the application processes a maliciously crafted DWFX file. An attacker can exploit this flaw to corrupt memory, which could result in the execution of arbitrary code within the current process. This presents serious security risks, as it could allow an attacker to perform unauthorized actions on the system. Users of Autodesk Navisworks are highly encouraged to apply patches and updates as soon as they are available to mitigate this vulnerability effectively.

Affected Version(s)

Navisworks Freedom 2025 < 2025.4

Navisworks Manage 2025 < 2025.4

Navisworks Simulate 2025 < 2025.4

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2024
Vulnerability Reserved
Dec 4, 2024