CVE-2023-25001
📋 TL;DR
A use-after-free vulnerability in Autodesk Navisworks allows malicious SKP files to trigger memory corruption, potentially leading to arbitrary code execution. This affects users of Autodesk Navisworks 2023 and 2022 who open untrusted SKP files. Attackers could exploit this by tricking users into opening specially crafted files.
💻 Affected Systems
- Autodesk Navisworks
📦 What is this software?
Navisworks by Autodesk
Navisworks by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the Navisworks user, potentially leading to lateral movement, data theft, or ransomware deployment.
Likely Case
Application crash or limited code execution within the Navisworks process context, potentially allowing file system access or further exploitation.
If Mitigated
Application crash without code execution if memory protections (ASLR, DEP) are effective, but denial of service still occurs.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file). Memory corruption vulnerabilities like use-after-free can be challenging to exploit reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to latest version per Autodesk advisory
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002
Restart Required: Yes
Instructions:
1. Open Autodesk Navisworks
2. Go to Help > About > Product Information to check current version
3. Download and install the latest update from Autodesk's official website or through the Autodesk Desktop App
4. Restart the application and computer if prompted
🔧 Temporary Workarounds
Restrict SKP file handling
windowsConfigure system to open SKP files with a different application or add warning prompts
User awareness training
allTrain users to only open SKP files from trusted sources
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized Navisworks execution
- Use endpoint protection with memory corruption detection capabilities
🔍 How to Verify
Check if Vulnerable:
Check Navisworks version: Open Navisworks > Help > About > Product Information. If version is 2023 or 2022 without the latest security update, it is vulnerable.Check Version:
Not applicable - use GUI method described aboveVerify Fix Applied:
Verify version number matches the patched version specified in Autodesk advisory and attempt to open known safe SKP files to confirm functionality.📡 Detection & Monitoring
Log Indicators:
- Application crash logs from Navisworks
- Windows Event Logs showing application failures (Event ID 1000)
Network Indicators:
- Unusual outbound connections from Navisworks process after file opening
SIEM Query:
source="Windows Event Logs" EventID=1000 ProcessName="*navisworks*" OR source="application logs" message="*crash*" AND "navisworks"