Revit
Monthly
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attackers with user interaction to trigger memory corruption. Successful exploitation enables arbitrary code execution, sensitive data theft, or application denial of service within the Revit process context. This vulnerability requires a maliciously crafted RTE file and user action to open it, making it a moderate-to-high priority for organizations using Revit for design workflows.
CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE, or RVT files, allowing unauthenticated local attackers with user interaction to execute arbitrary code with the privileges of the Revit process. With a CVSS score of 7.8 and requiring only local access and user interaction (opening a file), this vulnerability poses significant risk to design and engineering teams who routinely handle external Revit model files.
Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attackers with user interaction to trigger memory corruption. Successful exploitation enables arbitrary code execution, sensitive data theft, or application denial of service within the Revit process context. This vulnerability requires a maliciously crafted RTE file and user action to open it, making it a moderate-to-high priority for organizations using Revit for design workflows.
CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE, or RVT files, allowing unauthenticated local attackers with user interaction to execute arbitrary code with the privileges of the Revit process. With a CVSS score of 7.8 and requiring only local access and user interaction (opening a file), this vulnerability poses significant risk to design and engineering teams who routinely handle external Revit model files.
Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that can be linked or imported into the application. An unauthenticated attacker with local access can exploit this vulnerability to crash the application, exfiltrate sensitive data, or achieve arbitrary code execution with the privileges of the Revit process. The attack requires user interaction (opening/importing a malicious file) but has high impact potential (confidentiality, integrity, and availability all compromised); current KEV and exploitation status unknown without additional intelligence sources.
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.