Skip to main content

Revit CVE-2025-5036

| EUVDEUVD-2025-16683 HIGH
Use After Free (CWE-416)
2025-06-02 psirt@autodesk.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:45 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
2024.3.3,2023.1.8,2026.1
EUVD ID Assigned
Mar 14, 2026 - 16:47 euvd
EUVD-2025-16683
Analysis Generated
Mar 14, 2026 - 16:47 vuln.today
CVE Published
Jun 02, 2025 - 17:15 nvd
HIGH 7.8

DescriptionCVE.org

A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

AnalysisAI

Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.

Technical ContextAI

Autodesk Revit is a Building Information Modeling (BIM) application that processes RFA (Revit Family) files—serialized component definitions used in architectural designs. The vulnerability exists in Revit's RFA file parsing logic, which fails to properly manage memory references when linking or importing these files. CWE-416 (Use-After-Free) indicates that the application references memory that has been deallocated, allowing an attacker to manipulate freed memory regions. This typically occurs in C/C++ codebases where manual memory management is used. A maliciously crafted RFA file likely contains specially formatted data structures that trigger premature deallocation of objects during file parsing, followed by subsequent code paths that attempt to access these freed objects. Affected CPE strings would be: cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:* (versions prior to patched release). The RFA file format is Autodesk-proprietary and binary-based, making validation difficult for end-users.

RemediationAI

(1) Immediate: Disable RFA file linking/importing functionality in Revit if business operations permit, or restrict user access to untrusted external RFA files. (2) Process-level: Implement file validation workflows—do not open RFA files from untrusted sources (external vendors, internet downloads, unsolicited email attachments). (3) Patch-level: Monitor Autodesk security advisories for a patched Revit version addressing CVE-2025-5036. Once released, deploy patches to all affected Revit installations following change management. (4) Compensating controls: Use application whitelisting to restrict Revit's file I/O, run Revit in sandboxed environments if feasible, and monitor for abnormal Revit process crashes or memory access patterns. (5) Organizational: Educate users on the risks of opening design files from untrusted collaborators; implement code-review processes for externally-sourced RFA files in controlled environments before integration into production BIM models.

More in Revit

View all
CVE-2025-1274 HIGH
7.8 Apr 15

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rate

CVE-2025-1275 HIGH
7.8 Apr 15

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overf

CVE-2025-2497 HIGH
7.8 Apr 15

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerabilit

CVE-2025-1656 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln

CVE-2025-1277 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability.

CVE-2025-1273 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln

CVE-2025-1276 HIGH
7.8 Apr 15

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vuln

CVE-2025-5037 HIGH
7.8 Jul 10

CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE,

CVE-2025-5040 HIGH
7.8 Jul 10

CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attack

CVE-2024-11608 HIGH
7.8 Dec 09

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow.

CVE-2024-11454 HIGH
7.8 Dec 09

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and

CVE-2024-7994 HIGH
7.8 Oct 16

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. Rated high

Share

CVE-2025-5036 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy