CVE-2025-6635 – CVE-2025-6635 is an out-of-bounds read vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-6635?

CVE-2025-6635 has a CVSS score of 7.8 (HIGH). CVE-2025-6635 is an out-of-bounds read vulnerability in certain Autodesk products that allows attackers to crash applications, read sensitive memory, or execute arbitrary code by tricking users into opening malicious PRT files. This affects users of vulnerable Autodesk software versions. The vulnerability requires user interaction through file opening.

📋 TL;DR

CVE-2025-6635 is an out-of-bounds read vulnerability in certain Autodesk products that allows attackers to crash applications, read sensitive memory, or execute arbitrary code by tricking users into opening malicious PRT files. This affects users of vulnerable Autodesk software versions. The vulnerability requires user interaction through file opening.

💻 Affected Systems

Products:

Autodesk Access and other unspecified Autodesk products

Versions: Specific versions not detailed in provided references; check vendor advisory for exact ranges.

Operating Systems: Windows, macOS, Linux (if supported by affected products)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability triggers when processing malicious PRT files; exact product list may be broader than Autodesk Access.

📦 What is this software?

Shared Components by Autodesk

View all CVEs affecting Shared Components →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the current user, potentially leading to full system compromise.

🟠

Likely Case

Application crash or sensitive information disclosure from memory.

🟢

If Mitigated

Limited to denial of service if memory protections prevent code execution.

🌐 Internet-Facing: MEDIUM - Requires user interaction but can be delivered via email or web downloads.

🏢 Internal Only: MEDIUM - Similar risk internally, but may be easier to target specific users.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file; no public exploit details available yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015

Restart Required: Yes

Instructions:

1. Visit the Autodesk security advisory URL. 2. Identify affected products and versions. 3. Update to the latest patched version via Autodesk's update mechanism or download from official sources. 4. Restart the application and system if required.

🔧 Temporary Workarounds

Block PRT file execution

all

Prevent processing of PRT files in affected Autodesk products to mitigate the vulnerability.

Not applicable - configure via application settings or group policy

User awareness training

all

Educate users to avoid opening untrusted PRT files from unknown sources.

🧯 If You Can't Patch

Restrict user permissions to limit impact of potential code execution.
Implement application whitelisting to block unauthorized Autodesk software execution.

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against the vendor advisory; if using affected versions and processing PRT files, assume vulnerable.

Check Version:

Varies by product; typically check 'About' in application or use command-line tools specific to each Autodesk product.

Verify Fix Applied:

Update to patched version per vendor instructions and verify version number matches advisory.

📡 Detection & Monitoring

Log Indicators:

Application crashes related to PRT file processing
Unexpected memory access errors in logs

Network Indicators:

Downloads of PRT files from untrusted sources

SIEM Query:

Search for events involving Autodesk processes crashing or accessing suspicious PRT files.

📊 Metadata

CVE ID: CVE-2025-6635

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

EPSS Score: 0.03% exploit probability (6.6th percentile)

Published: July 29, 2025

Last Updated: August 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6635, you might also want to check these: