CVE-2025-11795
📋 TL;DR
A malicious JPG file can trigger an out-of-bounds write vulnerability in Autodesk 3ds Max, allowing attackers to execute arbitrary code with the privileges of the current user. This affects users who open untrusted JPG files in vulnerable versions of 3ds Max. The vulnerability requires user interaction to open a malicious file.
💻 Affected Systems
- Autodesk 3ds Max
📦 What is this software?
3ds Max by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or malware installation on the affected workstation when a user opens a malicious JPG file.
If Mitigated
Limited impact if proper application sandboxing, least privilege principles, and file validation are implemented.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file; no public exploit code is known from the provided references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Autodesk Security Advisory ADSK-SA-2025-0023 for specific patched versions
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0023
Restart Required: Yes
Instructions:
1. Open Autodesk Access or the Autodesk Desktop App.
2. Check for available updates for 3ds Max.
3. Apply the security update provided by Autodesk.
4. Restart 3ds Max and any related services.
🔧 Temporary Workarounds
Restrict JPG file handling
Windows: Configure 3ds Max to avoid processing JPG files from untrusted sources, or disable JPG import functionality if it is not required.
Application sandboxing
Windows: Run 3ds Max in a restricted environment or virtual machine to limit potential damage from exploitation.
🧯 If You Can't Patch
- Implement strict file validation policies to block untrusted JPG files from being opened in 3ds Max.
- Apply the principle of least privilege by running 3ds Max with limited user permissions.
🔍 How to Verify
Check if Vulnerable:
Check the 3ds Max version against the affected versions listed in Autodesk Security Advisory ADSK-SA-2025-0023.
Check Version:
In 3ds Max, go to Help > About 3ds Max to view the version number.
Verify Fix Applied:
Verify that the 3ds Max version has been updated to a patched version specified in the vendor advisory.
📡 Detection & Monitoring
Log Indicators:
- Unexpected crashes or memory access violations in 3ds Max application logs when processing JPG files.
- Security event logs showing unusual process creation from 3ds Max.
Network Indicators:
- Unusual outbound connections from 3ds Max process to external IPs.
SIEM Query:
Process creation events where the parent process is 3dsmax.exe and the command line contains suspicious parameters, or outbound network connection events originating from the 3dsmax.exe process.
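As an added example (not part of the advisory), the two detection ideas above expressed as a small Python check over constructed Sysmon-style events: child processes of 3dsmax.exe that are living-off-the-land binaries or carry encoded/download command lines, and 3dsmax.exe network connections to addresses outside assumed-internal ranges. The watchlist, command-line tokens and internal ranges are assumptions you would tune for your environment.

```python
import ipaddress
from pathlib import PureWindowsPath

# Assumed watchlist: children a DCC application has no ordinary reason to spawn.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Assumed command-line fragments typical of encoded or download-and-run chains.
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "downloadstring", "iex ", "invoke-expression")
# Assumed internal ranges; anything else is treated as "external" for the alert.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def _basename(path):
    return PureWindowsPath(path).name.lower()

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def check_event(event):
    """Return an alert string for one Sysmon-style event (ID 1 or 3), or None if benign."""
    eid = event.get("EventID")
    if eid == 1 and _basename(event.get("ParentImage", "")) == "3dsmax.exe":
        child = _basename(event.get("Image", ""))
        cmdline = event.get("CommandLine", "").lower()
        if child in SUSPICIOUS_CHILDREN or any(tok in cmdline for tok in SUSPICIOUS_ARGS):
            return f"3dsmax.exe spawned {child}: {event.get('CommandLine', '')}"
    if eid == 3 and _basename(event.get("Image", "")) == "3dsmax.exe":
        dst = event.get("DestinationIp", "")
        if dst and is_external(dst):
            return f"3dsmax.exe outbound connection to {dst}:{event.get('DestinationPort')}"
    return None

def scan(events):
    return [alert for alert in map(check_event, events) if alert]

# Constructed sample events, not real telemetry (203.0.113.0/24 is a documentation range).
MAX = r"C:\Program Files\Autodesk\3ds Max 2025\3dsmax.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": MAX, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c powershell -enc AAAAAAAA"},
    {"EventID": 1, "ParentImage": MAX, "Image": r"C:\Program Files\Autodesk\3ds Max 2025\3dsmaxbatch.exe",
     "CommandLine": "3dsmaxbatch.exe render.ms"},
    {"EventID": 3, "Image": MAX, "DestinationIp": "203.0.113.45", "DestinationPort": 443},
    {"EventID": 3, "Image": MAX, "DestinationIp": "10.0.0.12", "DestinationPort": 445},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Running the block prints two alerts (the cmd.exe child and the external connection) and stays silent on the batch render and the internal SMB connection.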