CVE-2025-10244

8.7 HIGH

📋 TL;DR

A stored cross-site scripting vulnerability in Autodesk Fusion allows malicious HTML payloads to execute arbitrary code when rendered by the application. This could enable attackers to read local files or execute commands within the current process context. All users running vulnerable versions of Autodesk Fusion are affected.

💻 Affected Systems

Products:
  • Autodesk Fusion
Versions: Specific vulnerable versions are not listed here; check the vendor advisory for details
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires rendering of malicious HTML content within the application

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary code execution, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Local file read and limited code execution within the application's process context, potentially leading to credential theft or further exploitation.

🟢

If Mitigated

Limited impact with proper input validation and output encoding, though some information disclosure may still occur.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction with malicious content within the application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0020

Restart Required: Yes

Instructions:

1. Visit the Autodesk Trust Center advisory
2. Download and install the latest version of Autodesk Fusion
3. Restart the application and verify update

🔧 Temporary Workarounds

Disable HTML rendering features (applies to: all)

Configure the application to disable or restrict HTML content rendering capabilities.

Application sandboxing (applies to: all)

Run Autodesk Fusion in a restricted/sandboxed environment to limit potential damage.

🧯 If You Can't Patch

  • Restrict user access to untrusted content sources within the application
  • Implement network segmentation to isolate vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Check current Autodesk Fusion version against vendor advisory for vulnerable versions

Check Version:

Check Help > About in Autodesk Fusion application

Verify Fix Applied:

Verify installed version matches or exceeds patched version specified in vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from Autodesk Fusion process
  • Suspicious process creation by Autodesk Fusion

Network Indicators:

  • Unexpected outbound connections from Autodesk Fusion to external servers

SIEM Query:

Process creation where parent process contains 'Fusion' AND (command line contains suspicious patterns OR destination IP is external)
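A reference implementation of that pseudo-query over constructed Sysmon-style process-creation events, added here as an example and not part of the advisory. The process name Fusion360.exe, the paths, IPs and command lines are constructed, and the suspicious-pattern list is an assumed starter set a team would tune to its environment.

```python
import ipaddress
import re

# Command-line patterns treated as suspicious when spawned by Fusion.
# Assumed starter list, not from the advisory; tune per environment.
SUSPICIOUS_CMDLINE = [
    re.compile(r"powershell(\.exe)?\b.*\s-(enc|encodedcommand)\b", re.I),
    re.compile(r"\bcmd(\.exe)?\s+/c\b", re.I),
    re.compile(r"\b(certutil|bitsadmin|mshta|rundll32)(\.exe)?\b", re.I),
]

def is_external(ip: str) -> bool:
    """True if ip parses and is routable outside the local network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved)

def is_suspicious(event: dict) -> bool:
    """Parent contains 'Fusion' AND (suspicious command line OR external dest)."""
    if "fusion" not in event.get("parent_image", "").lower():
        return False
    cmd = event.get("command_line", "")
    if any(p.search(cmd) for p in SUSPICIOUS_CMDLINE):
        return True
    return is_external(event.get("dest_ip", ""))

def find_alerts(events) -> list:
    """Return the ids of events that match the detection rule."""
    return [e["id"] for e in events if is_suspicious(e)]

# Constructed events; process names, paths and IPs are made up for the demo.
SAMPLE_EVENTS = [
    {"id": "evt-1", "parent_image": r"C:\Autodesk\Fusion360.exe",
     "command_line": "powershell.exe -nop -enc QUJD", "dest_ip": ""},
    {"id": "evt-2", "parent_image": r"C:\Autodesk\Fusion360.exe",
     "command_line": "AdskLicensingAgent.exe --check", "dest_ip": "10.0.0.5"},
    {"id": "evt-3", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -enc QUJD", "dest_ip": ""},
    {"id": "evt-4", "parent_image": r"C:\Autodesk\Fusion360.exe",
     "command_line": "cmd.exe /c whoami", "dest_ip": ""},
    {"id": "evt-5", "parent_image": r"C:\Autodesk\Fusion360.exe",
     "command_line": "helper.exe", "dest_ip": "8.8.8.8"},
]

if __name__ == "__main__":
    print(find_alerts(SAMPLE_EVENTS))  # ['evt-1', 'evt-4', 'evt-5']
```

evt-2 stays quiet because the destination is a private address and the command line matches nothing; evt-3 stays quiet because the parent is not Fusion, which is the half of the rule that keeps generic PowerShell noise out.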
