CVE-2025-6632

5.3 MEDIUM

📋 TL;DR

CVE-2025-6632 is an out-of-bounds read vulnerability in Autodesk 3ds Max that allows malicious PSD files to cause crashes, leak sensitive data, or potentially execute arbitrary code. This affects all users who open or import PSD files in vulnerable versions of 3ds Max. The vulnerability requires user interaction to open a malicious file.

💻 Affected Systems

Products:
  • Autodesk 3ds Max
Versions: Specific versions mentioned in Autodesk advisory ADSK-SA-2025-0016 (check vendor advisory for exact range)
Operating Systems: Windows, macOS if applicable
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when opening or importing malicious PSD files. All default configurations that process PSD files are affected.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution with the privileges of the 3ds Max process, potentially leading to full system compromise if running with elevated privileges.

🟠 Likely Case

Application crash or sensitive memory data leakage, disrupting workflows and potentially exposing confidential information.

🟢 If Mitigated

Limited impact with proper file validation and user awareness, potentially just application instability.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user action.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to open a specially crafted PSD file. Exploitation for code execution would require additional memory manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk advisory ADSK-SA-2025-0016 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0016

Restart Required: No

Instructions:

1. Visit Autodesk Trust Center.
2. Locate advisory ADSK-SA-2025-0016.
3. Download and install the security update for your 3ds Max version.
4. Verify installation through version check.

🔧 Temporary Workarounds

Restrict PSD file processing

all

Configure 3ds Max to avoid processing PSD files from untrusted sources

User awareness training

all

Train users to only open PSD files from trusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to restrict 3ds Max execution to trusted systems only
  • Use file integrity monitoring to detect unauthorized PSD file modifications
  • Isolate 3ds Max systems from critical network segments

🔍 How to Verify

Check if Vulnerable:

Check 3ds Max version against affected versions listed in Autodesk advisory ADSK-SA-2025-0016

Check Version:

In 3ds Max: Help > About Autodesk 3ds Max

Verify Fix Applied:

Verify installed version matches or exceeds patched version from Autodesk advisory

📡 Detection & Monitoring

Log Indicators:

  • 3ds Max crash logs with memory access violations
  • Unexpected process termination events

Network Indicators:

  • Unusual file transfers of PSD files to 3ds Max systems

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="3dsmax.exe" AND ExceptionCode=0xC0000005
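
Grouping of the two Event IDs matters in query languages where AND binds tighter than OR (SQL, for example): without it, every Event ID 1000 record matches, whatever the process. The following is an added example, not part of the vendor advisory or any SIEM product; the event records and host names are constructed, and the field names are taken from the query above.

```python
from collections import Counter

ACCESS_VIOLATION = 0xC0000005  # exception code named in the query above

# Constructed sample events (not real telemetry); hosts are hypothetical.
EVENTS = [
    {"host": "ws-01", "EventID": 1000, "ProcessName": "3dsmax.exe", "ExceptionCode": "0xC0000005"},
    {"host": "ws-01", "EventID": 1001, "ProcessName": "3dsmax.exe", "ExceptionCode": "0xc0000005"},
    {"host": "ws-02", "EventID": 1000, "ProcessName": "chrome.exe", "ExceptionCode": "0xC0000409"},
    {"host": "ws-03", "EventID": 1000, "ProcessName": "3DSMAX.EXE", "ExceptionCode": "0xC0000005"},
    {"host": "ws-03", "EventID": 1001, "ProcessName": "3dsmax.exe", "ExceptionCode": "0xE06D7363"},
    {"host": "ws-04", "EventID": 4624, "ProcessName": "3dsmax.exe", "ExceptionCode": "0xC0000005"},
]


def _is_3dsmax(ev):
    # Windows image names are case-insensitive.
    return ev["ProcessName"].lower() == "3dsmax.exe"


def _is_access_violation(ev):
    # Compare numerically so "0xc0000005" and "0xC0000005" are the same code.
    return int(ev["ExceptionCode"], 16) == ACCESS_VIOLATION


def ungrouped(ev):
    """Query without parentheses, evaluated with AND binding tighter than OR."""
    return ev["EventID"] == 1000 or (
        ev["EventID"] == 1001 and _is_3dsmax(ev) and _is_access_violation(ev)
    )


def grouped(ev):
    """(EventID=1000 OR EventID=1001) AND ProcessName AND ExceptionCode."""
    return ev["EventID"] in (1000, 1001) and _is_3dsmax(ev) and _is_access_violation(ev)


def hits_by_host(events, predicate):
    """Count matching events per host, e.g. to spot repeated crashes on one machine."""
    return dict(Counter(ev["host"] for ev in events if predicate(ev)))


if __name__ == "__main__":
    print("ungrouped:", hits_by_host(EVENTS, ungrouped))
    print("grouped:  ", hits_by_host(EVENTS, grouped))
```

The ungrouped form also reports the unrelated `chrome.exe` crash on ws-02; the grouped form reports only 3ds Max access violations.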
