Login Sign Up

CVE-2023-25005

7.8 HIGH

📋 TL;DR

This vulnerability in Autodesk InfraWorks allows attackers to craft malicious DLL files that cause the software to read beyond allocated memory boundaries. This could lead to resource injection attacks, potentially allowing arbitrary code execution. Users of Autodesk InfraWorks 2023 and 2021 are affected.

💻 Affected Systems

Products:
  • Autodesk InfraWorks
Versions: 2023 and 2021 versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing DLL files.

📦 What is this software?

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

Infraworks by Autodesk

View all CVEs affecting Infraworks →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the InfraWorks process, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) or limited information disclosure through memory reading.

🟢

If Mitigated

Application crash with no data loss if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: LOW - InfraWorks is typically not exposed to the internet directly.
🏢 Internal Only: MEDIUM - Requires user interaction to open malicious DLL files, but could be exploited through social engineering or shared network drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious DLL file. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version as specified in Autodesk advisory

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0006

Restart Required: Yes

Instructions:

1. Open Autodesk Desktop App or Autodesk Account. 2. Check for available updates. 3. Install the security update for InfraWorks. 4. Restart the application and any related services.

🔧 Temporary Workarounds

Restrict DLL loading

windows

Use application control policies to restrict loading of untrusted DLLs

Configure Windows AppLocker or similar application control solution

User awareness training

all

Train users not to open untrusted DLL files with InfraWorks

🧯 If You Can't Patch

  • Restrict user permissions to minimize impact if exploited
  • Implement network segmentation to isolate InfraWork installations

🔍 How to Verify

Check if Vulnerable:

Check InfraWorks version in Help > About. If version is 2023 or 2021 without latest security patches, it is vulnerable.

Check Version:

In InfraWorks: Help > About or check Windows Programs and Features

Verify Fix Applied:

Verify version number matches patched version in Autodesk advisory and test with sample DLL files.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected DLL loading events

Network Indicators:

  • Unusual outbound connections from InfraWorks process

SIEM Query:

EventID=1000 OR EventID=1001 with process name containing 'InfraWorks'

📊 Metadata

CVE ID: CVE-2023-25005
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-427
Published: May 12, 2023
Last Updated: January 27, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25005, you might also want to check these:

CVE-2025-4981 9.9

This vulnerability allows authenticated Mattermost users to write files to arbitrary locations on th...

Same vulnerability type (CWE-427)
CVE-2022-24955 9.8

CVE-2022-24955 is a DLL hijacking vulnerability in Foxit PDF software that allows attackers to execu...

Same vulnerability type (CWE-427)
CVE-2023-25143 9.8

This vulnerability in Trend Micro Apex One Server installer allows attackers to execute arbitrary co...

Same vulnerability type (CWE-427)