CVE-2025-9455

7.8 HIGH

📋 TL;DR

This vulnerability is an out-of-bounds read in Autodesk products that occurs when a maliciously crafted CATPRODUCT file is parsed. Successful exploitation could lead to crashes, sensitive data exposure, or arbitrary code execution in the context of the current user. Users of affected Autodesk software are at risk.

💻 Affected Systems

Products:
  • Autodesk Access
  • Other Autodesk products that parse CATPRODUCT files
Versions: Specific versions not detailed in provided references; check vendor advisory for exact ranges
Operating Systems: Windows, macOS, Linux (if supported by affected products)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction to open malicious CATPRODUCT files. Default installations are likely vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the same privileges as the current user, potentially leading to full system compromise.

🟠 Likely Case

Application crash or denial of service, with potential for sensitive information disclosure.

🟢 If Mitigated

Limited impact with proper file validation and user privilege restrictions in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploit code is mentioned in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory ADSK-SA-2025-0024 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Restart Required: Yes

Instructions:

1. Review Autodesk advisory ADSK-SA-2025-0024.
2. Identify affected products and versions.
3. Update to the latest patched version through Autodesk Access or official download channels.
4. Restart the application after installation.

🔧 Temporary Workarounds

Restrict CATPRODUCT file handling (applies to: all)

Block or restrict processing of untrusted CATPRODUCT files through application settings or group policies.

User awareness training (applies to: all)

Educate users to avoid opening CATPRODUCT files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict execution of vulnerable Autodesk software versions.
  • Use network segmentation to isolate systems running vulnerable software from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against the patched versions listed in advisory ADSK-SA-2025-0024.

Check Version:

Within Autodesk application: Help > About or check via Autodesk Access management console.

Verify Fix Applied:

Confirm that Autodesk products are updated to versions specified in the vendor advisory as patched.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs related to CATPRODUCT file parsing
  • Unexpected out-of-bounds read errors in application logs

Network Indicators:

  • Unusual file transfers of CATPRODUCT files from external sources

SIEM Query:

Example: source="autodesk_logs" AND (event="crash" OR error="out_of_bounds") AND file_extension="CATPRODUCT"

🔗 References
