Login Sign Up

CVE-2025-5036

7.8 HIGH
Remote Code Execution

📋 TL;DR

A maliciously crafted RFA file can trigger a Use-After-Free vulnerability in Autodesk Revit, allowing attackers to crash the application, read sensitive data, or execute arbitrary code. This affects users who open untrusted RFA files in vulnerable versions of Autodesk Revit. The vulnerability requires user interaction to open a malicious file.

💻 Affected Systems

Products:
  • Autodesk Revit
Versions: Affected version range
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where users open untrusted RFA files. Requires user interaction.

📦 What is this software?

Revit by Autodesk

View all CVEs affecting Revit →

Revit by Autodesk

View all CVEs affecting Revit →

Revit by Autodesk

View all CVEs affecting Revit →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the current user, potentially leading to full system compromise, data theft, or lateral movement within networks.

🟠

Likely Case

Application crash or denial of service when opening malicious files, with potential for limited data exposure.

🟢

If Mitigated

No impact if malicious files are not opened or if the system is patched and properly configured.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious RFA file. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version that fixes this

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009

Restart Required: Yes

Instructions:

1. Visit the Autodesk Trust Center security advisory page.
2. Download and install the latest security update for Autodesk Revit.
3. Restart the application and verify the patch is applied.

🔧 Temporary Workarounds

Restrict RFA file handling

windows

Configure system policies to prevent opening untrusted RFA files or restrict file associations.

User awareness training

all

Educate users to only open RFA files from trusted sources and verify file integrity.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict execution of Revit to trusted locations only.
  • Use network segmentation to isolate Revit systems from critical infrastructure.

🔍 How to Verify

Check if Vulnerable:

Check the Autodesk Revit version against the affected versions listed in the security advisory.

Check Version:

In Revit, go to Help > About Autodesk Revit to view the version number.

Verify Fix Applied:

Verify the installed version matches or exceeds the patched version specified in the advisory.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from Revit with memory access violations
  • Unexpected process termination events in system logs

Network Indicators:

  • Unusual outbound connections from Revit process after opening files

SIEM Query:

Example SIEM/detection query if applicable

📊 Metadata

CVE ID: CVE-2025-5036
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
EPSS Score: 0.03% exploit probability (8.1th percentile)
Published: June 2, 2025
Last Updated: August 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5036, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)