EUVD-2025-17690
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.
Analysis
Privilege escalation vulnerability in Autodesk Installer applications where a maliciously crafted binary file exploits an untrusted search path to achieve NT AUTHORITY/SYSTEM level code execution. The vulnerability requires local user interaction (file download) but no privileges, making it a significant risk for Windows environments running Autodesk products. While CVSS 7.8 indicates high severity, the local attack vector and required user interaction limit the attack surface compared to remote exploits.
Technical Context
This vulnerability stems from CWE-426 (Untrusted Search Path), a well-known class of privilege escalation flaws where applications search for dependencies or binaries in directories that an unprivileged attacker can modify. The Autodesk Installer application fails to validate the integrity or source of binary files during the installation or update process, allowing an attacker to place a malicious binary in a predictable search path (typically %PATH%, current directory, or application-specific directories). When the installer executes and searches for required binaries or libraries without absolute path validation or signature verification, it loads the attacker-controlled malicious binary instead of the legitimate one, executing arbitrary code with the elevated privileges (NT AUTHORITY/SYSTEM) that the installer process runs under. This is a classic DLL hijacking or path injection attack pattern common in Windows software.
Affected Products
Autodesk Installer application (specific version/product family not detailed in available data; likely affects multiple Autodesk products including AutoCAD, Revit, Fusion 360, and other tools that share the installer framework). Affected platforms: Windows systems running NT AUTHORITY/SYSTEM context installer processes. CPE information for specific Autodesk products would follow pattern: cpe:2.3:a:autodesk:*:*:*:*:*:*:*:*:* (awaiting vendor advisory for exact version constraints). Exploitation requires Windows filesystem access and ability to modify or inject into application search paths (typically requires local user access or network write permissions to shared application directories).
Remediation
1. **Immediate**: Autodesk should release patched installer versions that implement trusted search path validation (absolute paths), digital signature verification for loaded binaries, and manifest-based dependency loading. 2. **For End Users**: Update Autodesk applications and installers to the latest patched versions from Autodesk's official website or subscription portal. 3. **Workarounds** (pending patches): (a) Disable or remove write permissions on directories in the installer's search path for unprivileged users, (b) Run installers from isolated or read-only network shares where possible, (c) Use AppLocker or Code Integrity policies to whitelist only legitimate Autodesk binaries, (d) Educate users not to download installer executables from untrusted sources. 4. **Configuration**: Ensure installers run with minimal required privileges; disable auto-update features from untrusted sources. Patch references and vendor advisories should be sourced from Autodesk's official security bulletins (typically security.autodesk.com) once published.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today