Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
AnalysisAI
Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.
Technical ContextAI
Autodesk Revit is a Building Information Modeling (BIM) application that processes RFA (Revit Family) files—serialized component definitions used in architectural designs. The vulnerability exists in Revit's RFA file parsing logic, which fails to properly manage memory references when linking or importing these files. CWE-416 (Use-After-Free) indicates that the application references memory that has been deallocated, allowing an attacker to manipulate freed memory regions. This typically occurs in C/C++ codebases where manual memory management is used. A maliciously crafted RFA file likely contains specially formatted data structures that trigger premature deallocation of objects during file parsing, followed by subsequent code paths that attempt to access these freed objects. Affected CPE strings would be: cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:* (versions prior to patched release). The RFA file format is Autodesk-proprietary and binary-based, making validation difficult for end-users.
RemediationAI
(1) Immediate: Disable RFA file linking/importing functionality in Revit if business operations permit, or restrict user access to untrusted external RFA files. (2) Process-level: Implement file validation workflows—do not open RFA files from untrusted sources (external vendors, internet downloads, unsolicited email attachments). (3) Patch-level: Monitor Autodesk security advisories for a patched Revit version addressing CVE-2025-5036. Once released, deploy patches to all affected Revit installations following change management. (4) Compensating controls: Use application whitelisting to restrict Revit's file I/O, run Revit in sandboxed environments if feasible, and monitor for abnormal Revit process crashes or memory access patterns. (5) Organizational: Educate users on the risks of opening design files from untrusted collaborators; implement code-review processes for externally-sourced RFA files in controlled environments before integration into production BIM models.
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rate
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overf
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerabilit
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability.
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vuln
CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE,
CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attack
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow.
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. Rated high
Same weakness CWE-416 – Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16683