CVE-2025-10883

7.8 HIGH

📋 TL;DR

This vulnerability is an out-of-bounds read in Autodesk products that is triggered when a maliciously crafted CATPRODUCT file is processed. Successful exploitation could lead to application crashes, exposure of sensitive memory contents, or arbitrary code execution. Users of affected Autodesk software are at risk.

💻 Affected Systems

Products:
  • Autodesk Access
  • Other Autodesk products that parse CATPRODUCT files
Versions: Specific versions mentioned in advisory ADSK-SA-2025-0024
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction to open malicious files. All default configurations that process CATPRODUCT files are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the same privileges as the current user, potentially leading to complete system compromise.

🟠 Likely Case: Application crashes and potential information disclosure through out-of-bounds memory reads.

🟢 If Mitigated: Limited impact with proper file handling restrictions and network segmentation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in Autodesk advisory ADSK-SA-2025-0024

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Restart Required: Yes

Instructions:

1. Visit the Autodesk Trust Center security advisory page
2. Identify affected products and versions
3. Download and install the latest updates from Autodesk
4. Restart affected applications and systems

🔧 Temporary Workarounds

Restrict CATPRODUCT file handling (applies to: all)

Block or restrict processing of CATPRODUCT files through application controls or file policies.

User awareness training (applies to: all)

Educate users to avoid opening CATPRODUCT files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict execution of vulnerable Autodesk products
  • Use network segmentation to isolate systems running vulnerable software from critical assets

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against the advisory list

Check Version:

Check via Autodesk product 'About' dialog or system information

Verify Fix Applied:

Verify installed version matches or exceeds patched versions listed in advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing CATPRODUCT files
  • Unusual memory access patterns in application logs

Network Indicators:

  • Unexpected network connections after file processing
  • Data exfiltration patterns

SIEM Query:

Search for application crash events related to Autodesk processes or suspicious file access patterns
