CVE-2025-9454 – CVE-2025-9454 is an out-of-bounds read vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-9454?

CVE-2025-9454 has a CVSS score of 7.8 (HIGH). CVE-2025-9454 is an out-of-bounds read vulnerability in Autodesk products that parse PRT files. Attackers can exploit this to crash applications, read sensitive memory, or potentially execute arbitrary code. Users of affected Autodesk software are at risk when opening malicious PRT files.

📋 TL;DR

CVE-2025-9454 is an out-of-bounds read vulnerability in Autodesk products that parse PRT files. Attackers can exploit this to crash applications, read sensitive memory, or potentially execute arbitrary code. Users of affected Autodesk software are at risk when opening malicious PRT files.

💻 Affected Systems

Products:

Autodesk Access
Other Autodesk products that parse PRT files

Versions: Specific versions not detailed in provided references; check vendor advisory for exact ranges.

Operating Systems: Windows, macOS, Linux (if supported)

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability triggers when parsing malicious PRT files; exact product list may be broader than referenced.

📦 What is this software?

Shared Components by Autodesk

View all CVEs affecting Shared Components →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Application crashes and potential information disclosure through memory reads.

🟢

If Mitigated

Limited impact with proper file validation and least privilege controls.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but could be delivered via email or web downloads.

🏢 Internal Only: MEDIUM - Similar risk profile internally, though attack surface may be smaller.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious file; memory corruption may be challenging to weaponize for RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Restart Required: Yes

Instructions:

1. Review Autodesk advisory ADSK-SA-2025-0024. 2. Update affected Autodesk products to latest patched versions. 3. Restart systems after patching.

🔧 Temporary Workarounds

Block PRT file extensions

all

Prevent processing of PRT files via email filters or endpoint controls.

User awareness training

all

Educate users not to open PRT files from untrusted sources.

🧯 If You Can't Patch

Restrict PRT file execution via application control policies
Implement network segmentation to limit lateral movement potential

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against patched versions in vendor advisory.

Check Version:

Varies by product; typically check 'About' in application or use vendor-specific commands.

Verify Fix Applied:

Confirm product version matches or exceeds patched version listed in advisory.

📡 Detection & Monitoring

Log Indicators:

Application crashes related to PRT file parsing
Unexpected memory access errors in application logs

Network Indicators:

Inbound PRT files from untrusted sources
Unusual outbound connections after PRT file processing

SIEM Query:

EventID=1000 OR EventID=1001 AND ProcessName contains 'Autodesk' AND FileExtension='.prt'

📊 Metadata

CVE ID: CVE-2025-9454

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

EPSS Score: 0.03% exploit probability (6.3th percentile)

Published: December 16, 2025

Last Updated: December 19, 2025

🔗 References

https://www.autodesk.com/products/autodesk-access/overview Product
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9454, you might also want to check these: