CVE-2025-9453

7.8 HIGH

📋 TL;DR

This CVE describes an Out-of-Bounds Read vulnerability in Autodesk products when parsing malicious PRT files. Attackers can exploit this to crash applications, read sensitive memory data, or potentially execute arbitrary code. Users of affected Autodesk software are at risk.

💻 Affected Systems

Products:
  • Autodesk Access
  • Other Autodesk products that parse PRT files
Versions: Specific versions not detailed in provided references; check vendor advisory for exact ranges.
Operating Systems: Windows, macOS, Linux (if supported by affected products)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing PRT files, which may occur through file opening or automated workflows.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crashes causing denial of service and potential data corruption, with possible information disclosure from memory reads.

🟢 If Mitigated: Application crashes with limited impact if proper network segmentation and least privilege are enforced.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file, but crafting such files may be complex.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions.

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Restart Required: Yes

Instructions:

1. Visit the vendor advisory URL for details.
2. Update affected Autodesk products to the latest patched version via official update channels.
3. Restart systems after applying updates.

🔧 Temporary Workarounds

Block PRT file extensions (applies to: all)

Prevent processing of PRT files at the network or endpoint level to reduce the attack surface.

User awareness training (applies to: all)

Educate users to avoid opening PRT files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict execution of vulnerable software.
  • Use network segmentation to isolate systems running affected software from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against the vendor advisory; if unpatched and PRT file parsing is enabled, assume vulnerable.

Check Version:

Check within the Autodesk product's 'About' or 'Help' menu, or use system-specific commands (e.g., on Windows: check installed programs in Control Panel).

Verify Fix Applied:

Confirm Autodesk products are updated to versions listed in the vendor advisory as patched.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs from Autodesk products
  • Unexpected access to PRT files

Network Indicators:

  • File transfers of PRT files to affected systems

SIEM Query:

Example: 'source="autodesk_logs" AND (event_type="crash" OR file_extension=".prt")'
