CVE-2025-9456 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2025-9456?

CVE-2025-9456 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious SLDPRT files in affected Autodesk products. The memory corruption occurs during file parsing, enabling code execution within the current process context. Users of vulnerable Autodesk software are affected.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious SLDPRT files in affected Autodesk products. The memory corruption occurs during file parsing, enabling code execution within the current process context. Users of vulnerable Autodesk software are affected.

💻 Affected Systems

Products:

Autodesk Access
Other Autodesk products that parse SLDPRT files

Versions: Specific versions mentioned in advisory ADSK-SA-2025-0024

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations that process SLDPRT files through vulnerable Autodesk software are affected.

📦 What is this software?

Shared Components by Autodesk

View all CVEs affecting Shared Components →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation or malware installation when users open malicious files from untrusted sources.

🟢

If Mitigated

Limited impact with proper file validation and user awareness preventing malicious file execution.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious files. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in Autodesk Security Advisory ADSK-SA-2025-0024

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Restart Required: Yes

Instructions:

1. Visit the Autodesk Security Advisory page
2. Identify affected products and versions
3. Download and install the latest patches
4. Restart affected applications

🔧 Temporary Workarounds

File Validation Restriction

all

Block or quarantine SLDPRT files from untrusted sources using email filters and endpoint protection.

Application Hardening

windows

Run Autodesk software with reduced privileges using application control policies.

🧯 If You Can't Patch

Implement strict file validation policies to block SLDPRT files from external sources
Use application sandboxing or virtualization for Autodesk software

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk software versions against the advisory's vulnerable version list.

Check Version:

Check via Autodesk product 'About' dialog or system documentation

Verify Fix Applied:

Verify patch installation through Autodesk product version checks and ensure no security alerts.

📡 Detection & Monitoring

Log Indicators:

Unexpected process crashes in Autodesk applications
Suspicious file parsing errors
Unusual memory allocation patterns

Network Indicators:

Downloads of SLDPRT files from untrusted sources
Outbound connections from Autodesk processes to suspicious IPs

SIEM Query:

Process:autodesk.exe AND (EventID:1000 OR FileExtension:.sldprt)

📊 Metadata

CVE ID: CVE-2025-9456

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.02% exploit probability (5.2th percentile)

Published: December 16, 2025

Last Updated: January 22, 2026

🔗 References

https://www.autodesk.com/products/autodesk-access/overview Product
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9456, you might also want to check these: