Skip to main content

Revit CVE-2025-8893

HIGH
Out-of-bounds Write (CWE-787)
2025-09-16 psirt@autodesk.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:12 vuln.today
CVE Published
Sep 16, 2025 - 15:15 nvd
HIGH 7.8

DescriptionCVE.org

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

AnalysisAI

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. Affected products include: Autodesk Revit, Autodesk Autocad, Autodesk Autocad Architecture, Autodesk Autocad Electrical, Autodesk Autocad Mechanical.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Revit

View all
CVE-2025-1274 HIGH
7.8 Apr 15

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rate

CVE-2025-1275 HIGH
7.8 Apr 15

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overf

CVE-2025-2497 HIGH
7.8 Apr 15

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerabilit

CVE-2025-1656 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln

CVE-2025-1277 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability.

CVE-2025-1273 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln

CVE-2025-5036 HIGH
7.8 Jun 02

Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that

CVE-2025-1276 HIGH
7.8 Apr 15

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vuln

CVE-2025-5037 HIGH
7.8 Jul 10

CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE,

CVE-2025-5040 HIGH
7.8 Jul 10

CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attack

CVE-2024-11608 HIGH
7.8 Dec 09

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow.

CVE-2024-11454 HIGH
7.8 Dec 09

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and

Share

CVE-2025-8893 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy