CVE-2025-10887 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2025-10887?

CVE-2025-10887 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious MODEL files in affected Autodesk products. The memory corruption occurs during file parsing, enabling code execution with the same privileges as the current process. Users of vulnerable Autodesk software versions are affected.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious MODEL files in affected Autodesk products. The memory corruption occurs during file parsing, enabling code execution with the same privileges as the current process. Users of vulnerable Autodesk software versions are affected.

💻 Affected Systems

Products:

Autodesk Access
Other Autodesk products mentioned in advisory

Versions: Specific versions listed in Autodesk Security Advisory ADSK-SA-2025-0024

Operating Systems: Windows, macOS, Linux where applicable

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability affects file parsing functionality; exact product list requires checking the vendor advisory.

📦 What is this software?

Shared Components by Autodesk

View all CVEs affecting Shared Components →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or malware installation when users open malicious files, potentially leading to credential theft or data exfiltration.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, though file parsing errors may still cause crashes.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious files; no public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in Autodesk Security Advisory ADSK-SA-2025-0024

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Restart Required: Yes

Instructions:

1. Review Autodesk Security Advisory ADSK-SA-2025-0024. 2. Identify affected products and versions. 3. Update to patched versions through Autodesk Access or official download channels. 4. Restart systems after installation.

🔧 Temporary Workarounds

Restrict MODEL file handling

all

Configure systems to open MODEL files only in trusted applications or sandboxed environments

User awareness training

all

Train users to avoid opening MODEL files from untrusted sources

🧯 If You Can't Patch

Implement application whitelisting to prevent unauthorized code execution
Use endpoint detection and response (EDR) solutions to monitor for suspicious file parsing behavior

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against those listed in Autodesk Security Advisory ADSK-SA-2025-0024

Check Version:

Check within Autodesk product Help > About or system application list

Verify Fix Applied:

Verify installed version matches or exceeds patched versions specified in the advisory

📡 Detection & Monitoring

Log Indicators:

Application crashes during MODEL file parsing
Unusual process spawning from Autodesk applications
File access errors in application logs

Network Indicators:

Unexpected outbound connections from Autodesk processes
File downloads followed by immediate parsing attempts

SIEM Query:

Process creation where parent process contains 'autodesk' AND (command line contains '.model' OR file extension is '.model')

📊 Metadata

CVE ID: CVE-2025-10887

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-120

EPSS Score: 0.03% exploit probability (6.3th percentile)

Published: December 16, 2025

Last Updated: December 19, 2025

🔗 References

https://www.autodesk.com/products/autodesk-access/overview Product
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10887, you might also want to check these: