CVE-2025-6637 – CVE-2025-6637 is an out-of-bounds write vulnera... (How to Fix)

Q: What is the severity of CVE-2025-6637?

CVE-2025-6637 has a CVSS score of 7.8 (HIGH). CVE-2025-6637 is an out-of-bounds write vulnerability in Autodesk products that allows arbitrary code execution when parsing malicious PRT files. Attackers can exploit this to crash applications, corrupt data, or execute code with the privileges of the current user. Users of affected Autodesk software are at risk.

📋 TL;DR

CVE-2025-6637 is an out-of-bounds write vulnerability in Autodesk products that allows arbitrary code execution when parsing malicious PRT files. Attackers can exploit this to crash applications, corrupt data, or execute code with the privileges of the current user. Users of affected Autodesk software are at risk.

💻 Affected Systems

Products:

Autodesk Access
Other Autodesk products that parse PRT files

Versions: Specific versions not detailed in advisory; check vendor advisory for exact ranges

Operating Systems: Windows, macOS, Linux (if supported)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in PRT file parsing functionality; all installations that process PRT files are affected unless patched.

📦 What is this software?

Shared Components by Autodesk

View all CVEs affecting Shared Components →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Application crashes and denial of service, with potential for limited code execution in targeted attacks.

🟢

If Mitigated

Application crash with no data loss if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction to open malicious PRT files; no authentication needed for file parsing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk advisory ADSK-SA-2025-0015 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015

Restart Required: Yes

Instructions:

1. Visit the Autodesk security advisory. 2. Identify affected products and versions. 3. Download and install the latest updates from Autodesk. 4. Restart affected applications and systems.

🔧 Temporary Workarounds

Block PRT file extensions

all

Prevent processing of PRT files at network or endpoint level

User education on file handling

all

Train users to avoid opening PRT files from untrusted sources

🧯 If You Can't Patch

Implement application whitelisting to restrict execution of vulnerable Autodesk binaries
Deploy endpoint detection and response (EDR) solutions to monitor for suspicious file parsing activity

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against the vendor advisory; if using affected versions and processing PRT files, assume vulnerable.

Check Version:

Check within Autodesk application: Help → About or use system-specific package management commands.

Verify Fix Applied:

Verify installed Autodesk product versions match or exceed patched versions listed in the advisory.

📡 Detection & Monitoring

Log Indicators:

Application crashes related to PRT file parsing
Unexpected process termination of Autodesk applications

Network Indicators:

Inbound PRT file transfers to endpoints with Autodesk software

SIEM Query:

EventID: 1000 (Application Error) with Autodesk process names OR File creation events with .prt extension

📊 Metadata

CVE ID: CVE-2025-6637

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.03% exploit probability (6.6th percentile)

Published: July 29, 2025

Last Updated: August 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6637, you might also want to check these: