CVE-2025-9459

7.8 HIGH

📋 TL;DR

An out-of-bounds read in the SLDPRT file parser of affected Autodesk products can be triggered by a maliciously crafted SLDPRT file. The victim has to open the file; a successful exploit can crash the application, disclose memory contents, or execute arbitrary code in the context of the current user. Anyone running an affected Autodesk product that opens SLDPRT files is exposed.

💻 Affected Systems

Products:
  • Autodesk Access
  • Other Autodesk products that parse SLDPRT files
Versions: The references available here do not list version ranges; take the exact affected and fixed versions from the vendor advisory.
Operating Systems: Windows, macOS, Linux, wherever an affected product is supported; the flaw is in the file parser, not in the operating system.
Default Config Vulnerable: ⚠️ Yes
Notes: The bug is triggered while parsing an SLDPRT file, so any installation that can open these files is affected regardless of configuration.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution with the privileges of the current user, potentially leading to full system compromise.

🟠 Likely Case

Application crash or sensitive data disclosure from memory.

🟢 If Mitigated

Application crash with limited data exposure if proper sandboxing and memory protections are enabled.

🌐 Internet-Facing: MEDIUM - Requires the victim to open the file, but a crafted SLDPRT file is easy to deliver as an email attachment or a web download.
🏢 Internal Only: MEDIUM - Same risk profile; the file can just as well arrive through file shares, ticketing attachments or internal email, and CAD files are routinely exchanged between teams and suppliers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No - the attack cannot run without the victim opening the file
Complexity: MEDIUM

Exploitation requires user interaction: the victim must open a crafted SLDPRT file in an affected product. No credentials, privileges or authentication bypass are needed beyond getting the file in front of the user.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Restart Required: Yes

Instructions:

1. Visit the Autodesk Trust Center advisory.
2. Identify affected products and versions.
3. Download and apply the latest updates from Autodesk.
4. Restart the application or system as required.

🔧 Temporary Workarounds

Restrict SLDPRT file handling (all platforms)

Block or quarantine SLDPRT files arriving from untrusted sources (mail gateway, web proxy, inbound file shares) and limit which users may open them.

Use application sandboxing (all platforms)

Run Autodesk products in restricted environments (dedicated workstation or VM, non-administrative account, no access to sensitive shares) to limit the impact of a crash or code execution.

🧯 If You Can't Patch

  • Implement strict file validation and scanning for SLDPRT files before opening.
  • Isolate affected systems from critical networks and data.

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against the vendor advisory.

Check Version:

Check within the Autodesk application's 'About' or 'Help' menu for version details.

Verify Fix Applied:

Confirm that the product version matches or exceeds the patched version listed in the advisory.
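The version check above, as a PowerShell script added here for illustration (it is not from the Autodesk advisory and not an Autodesk tool): it enumerates installed Autodesk products from the Windows Uninstall registry keys and compares each DisplayVersion against a minimum fixed version. The $PatchedVersions table is a placeholder with assumed entries; fill it in from the advisory before relying on the output.

```powershell
# Added example, not part of the original page or of any Autodesk tool.
# Enumerate installed Autodesk products from the Windows Uninstall registry keys
# and compare each version against the fixed version taken from the advisory.

$PatchedVersions = @{
    # 'DisplayName pattern' = 'minimum fixed version'
    # ASSUMED placeholder entry: replace with the real fixed versions from the advisory.
    'Autodesk Access*' = '0.0.0.0'
}

# 64-bit, 32-bit (WOW6432Node) and per-user installs all register here.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Autodesk*' -and $_.DisplayVersion } |
    Select-Object DisplayName, DisplayVersion, InstallDate

foreach ($app in $installed) {
    $status = 'no fixed version on file - check advisory'
    foreach ($pattern in $PatchedVersions.Keys) {
        if ($app.DisplayName -like $pattern) {
            # Cast to [version] so that 1.10.0 compares greater than 1.9.5;
            # a plain string comparison would get this wrong.
            try {
                $have = [version]$app.DisplayVersion
                $need = [version]$PatchedVersions[$pattern]
                $status = if ($have -ge $need) { 'patched' } else { 'VULNERABLE - update' }
            } catch {
                $status = "unparseable version '$($app.DisplayVersion)'"
            }
        }
    }
    [pscustomobject]@{
        Product   = $app.DisplayName
        Version   = $app.DisplayVersion
        Installed = $app.InstallDate
        Status    = $status
    }
}
```

Run it in an elevated PowerShell session so that all HKLM keys are readable, and treat any product reported as "no fixed version on file" as unverified rather than as safe.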

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or unexpected terminations when opening SLDPRT files.
  • Memory access violation errors in application logs.

Network Indicators:

  • Downloads or email attachments with the .sldprt extension from untrusted or unexpected sources.

SIEM Query:

Search for application-crash events of Autodesk processes. On Windows these land in the Application event log as Event ID 1000 from source "Application Error"; an exception code of 0xc0000005 (STATUS_ACCESS_VIOLATION) in the event text is the signature of a memory-access fault such as an out-of-bounds read. Correlate crashes with recently received SLDPRT files where the file path is available.
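A host-side version of that query, added here as an example (not from the page's original content or from Autodesk): it pulls Event ID 1000 crash records from the Windows Application log, keeps those whose faulting application lives under an Autodesk install directory, and flags access-violation exception codes. The install-path pattern and the seven-day window are assumptions to adjust for your environment.

```powershell
# Added example, not part of the original page. Hunt the Windows Application log
# for crashes of Autodesk processes and flag memory-access faults.

# ASSUMPTION: affected products install below a directory named 'Autodesk'.
# Adjust the pattern if your deployment uses a different location.
$AutodeskPathPattern = '*\Autodesk\*'
$since = (Get-Date).AddDays(-7)

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $since
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    $msg = $e.Message
    # Event 1000 text contains lines such as
    #   Faulting application name: foo.exe, version: ..., time stamp: ...
    #   Faulting module name: bar.dll, version: ...
    #   Exception code: 0xc0000005
    #   Faulting application path: C:\Program Files\Autodesk\...\foo.exe
    if ($msg -match 'Faulting application path:\s*([^\r\n]+)') {
        $path = $Matches[1].Trim()
    } else {
        continue
    }
    if ($path -notlike $AutodeskPathPattern) { continue }

    $app    = if ($msg -match 'Faulting application name:\s*([^,]+)') { $Matches[1].Trim() } else { 'n/a' }
    $module = if ($msg -match 'Faulting module name:\s*([^,]+)')      { $Matches[1].Trim() } else { 'n/a' }
    $code   = if ($msg -match 'Exception code:\s*(0x[0-9a-fA-F]+)')   { $Matches[1] }        else { 'n/a' }

    [pscustomobject]@{
        Time            = $e.TimeCreated
        Process         = $app
        Module          = $module
        Exception       = $code
        # 0xc0000005 is STATUS_ACCESS_VIOLATION: the process touched memory it
        # should not have, which is what an out-of-bounds read looks like at crash time.
        AccessViolation = ($code -eq '0xc0000005')
        Path            = $path
    }
}
```

A burst of access-violation crashes in a CAD process on one workstation shortly after a file arrived from outside is worth a look at the file itself; a single crash is more often a corrupt or unsupported file than an attack.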
