CVE-2025-9460

7.8 HIGH

📋 TL;DR

A maliciously crafted SLDPRT file, when parsed by an affected Autodesk product, triggers an out-of-bounds read. Successful exploitation can crash the application, disclose the contents of process memory, or execute arbitrary code in the context of the current process. Anyone who opens SLDPRT files in affected Autodesk software is exposed.

💻 Affected Systems

Products:
  • Autodesk Access
  • Other Autodesk products that parse SLDPRT files (see the advisory for the full list)
Versions: The specific affected versions are listed in Autodesk advisory ADSK-SA-2025-0024
Operating Systems: Windows, macOS and Linux, wherever the affected Autodesk products are supported
Default Config Vulnerable: ⚠️ Yes
Notes: The bug is triggered when an affected product parses a SLDPRT file (a SolidWorks part file, a format commonly exchanged in CAD workflows). No special configuration is needed; opening the file is enough.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Arbitrary code execution, delivered through a malicious file, with the privileges of the current process, potentially leading to full system compromise.

🟠 Likely Case: Application crash or leakage of process memory contents, disrupting workflows and exposing confidential design data.

🟢 If Mitigated: Limited impact where untrusted SLDPRT files are not opened and the application runs with restricted privileges.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file, but no authentication is needed once the file is processed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in Autodesk advisory ADSK-SA-2025-0024

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024

Restart Required: Yes

Instructions:

1. Review Autodesk advisory ADSK-SA-2025-0024 to identify which installed products and versions are affected.
2. Update the affected Autodesk products to the patched versions it lists.
3. Restart systems after applying the updates.

🔧 Temporary Workarounds

Restrict SLDPRT file handling (all platforms): block or quarantine SLDPRT files that arrive from untrusted sources (e-mail attachments, downloads, external file shares) until their origin is confirmed.

Application sandboxing (all platforms): run Autodesk applications in a restricted environment or under a low-privilege account, so that code execution inside the process gains only that process's limited rights.

🧯 If You Can't Patch

  • Enforce a file handling policy that prevents SLDPRT files from untrusted sources from being opened in affected Autodesk products
  • Use application control (allowlisting) and file-type associations to restrict which applications can open SLDPRT files

🔍 How to Verify

Check if Vulnerable:

Compare the installed Autodesk product versions against the affected versions listed in advisory ADSK-SA-2025-0024.

Check Version:

Read the version from the product's About dialog or from the installed-programs inventory (on Windows, the DisplayVersion value under the Uninstall registry keys).

Verify Fix Applied:

Confirm that every affected Autodesk product now reports a version equal to or later than the patched version specified in the advisory.
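The version check above can be scripted. The following is an added example written for this page, not Autodesk tooling: on Windows it reads the Uninstall registry keys (DisplayName, DisplayVersion, Publisher) to list installed Autodesk products, and it provides a version comparison that pads short version strings so that "25.0.5" compares correctly against "25.0.5.1". The product names and versions in the sample entries are constructed and hypothetical; the fixed versions to compare against must be taken from ADSK-SA-2025-0024, which this script does not embed.

```python
"""Inventory Autodesk products installed on a Windows host so their versions
can be compared against the affected and patched versions in ADSK-SA-2025-0024.
Added example, not Autodesk tooling. It reads the Windows Uninstall registry
keys (DisplayName / DisplayVersion / Publisher); the helper functions also
accept pre-collected entries so the comparison logic runs on any platform."""
import re
import sys

UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
FIELDS = ("DisplayName", "DisplayVersion", "Publisher")


def collect_windows_uninstall_entries():
    """Return {DisplayName, DisplayVersion, Publisher} dicts from the HKLM
    Uninstall keys. Windows only (needs the winreg module)."""
    import winreg  # imported here so the rest of the module loads elsewhere

    entries = []
    for key_path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path)
        except OSError:
            continue  # e.g. the WOW6432Node key is absent on 32-bit Windows
        with root:
            index = 0
            while True:
                try:
                    sub_name = winreg.EnumKey(root, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                entry = {}
                with winreg.OpenKey(root, sub_name) as sub:
                    for field in FIELDS:
                        try:
                            entry[field] = str(winreg.QueryValueEx(sub, field)[0])
                        except OSError:
                            entry[field] = ""  # value not set for this entry
                entries.append(entry)
    return entries


def autodesk_products(entries):
    """Keep entries published by (or named) Autodesk that record a version."""
    found = set()
    for e in entries:
        name = e.get("DisplayName", "")
        publisher = e.get("Publisher", "")
        is_autodesk = publisher.lower().startswith("autodesk") or name.lower().startswith("autodesk")
        if is_autodesk and e.get("DisplayVersion"):
            found.add((name, e["DisplayVersion"]))
    return sorted(found)


def parse_version(text):
    """'25.0.5.1' -> (25, 0, 5, 1); ignores any non-numeric decoration."""
    return tuple(int(part) for part in re.findall(r"\d+", text or ""))


def needs_update(installed, fixed):
    """True when the installed version is older than the fixed version from
    the advisory. Missing trailing components count as zero."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


# Constructed sample entries with hypothetical product names and versions.
SAMPLE_ENTRIES = [
    {"DisplayName": "Autodesk Example Product 2025", "DisplayVersion": "25.0.5.1", "Publisher": "Autodesk"},
    {"DisplayName": "Autodesk Example Product 2025", "DisplayVersion": "25.0.5.1", "Publisher": "Autodesk"},  # duplicate subkey, de-duplicated below
    {"DisplayName": "Some Other Tool", "DisplayVersion": "1.2", "Publisher": "Other Vendor"},
    {"DisplayName": "Autodesk Example Add-in", "DisplayVersion": "", "Publisher": "Autodesk, Inc."},  # no version recorded
]

if __name__ == "__main__":
    entries = collect_windows_uninstall_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for name, version in autodesk_products(entries):
        print(f"{name}: {version}")
    # For each product listed in the advisory, compare like this, substituting
    # the patched version the advisory gives for that product:
    #   needs_update(installed_version, fixed_version_from_advisory)
```

Entries without a DisplayVersion are dropped from the inventory rather than reported as patched; those products still have to be checked by hand in the About dialog.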

📡 Detection & Monitoring

Log Indicators:

  • Application Error events for Autodesk executables (on Windows, Event ID 1000 in the Application log), particularly with exception code 0xc0000005 (access violation) in a file-parsing module
  • Windows Error Reporting entries (Event ID 1001) for Autodesk processes shortly after a SLDPRT file was opened

Network Indicators:

  • SLDPRT files delivered as e-mail attachments or downloaded from external sites (match on the .sldprt extension in proxy and mail-gateway logs)

SIEM Query:

Search for application-crash events whose faulting application path is under the Autodesk installation directory, and correlate each hit with SLDPRT file activity on the same host in the preceding minutes.
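The correlation described above, as an added example that is not part of the original page or any vendor product: it takes Windows Application Error (Event ID 1000) records that have already been parsed into their named fields, keeps those whose faulting application lives under an Autodesk directory, and raises the severity when the exception is an access violation and when a SLDPRT file was opened on the same host within the preceding five minutes. All events are constructed; the file-activity feed stands in for a hypothetical EDR or Sysmon export normalised to (host, time, path), and the product path is hypothetical.

```python
"""Correlate Windows Application Error events (Event ID 1000) from Autodesk
processes with recent SLDPRT file activity on the same host, as a detection
for exploitation attempts against the SLDPRT parser bug in ADSK-SA-2025-0024.
Added example, not vendor or product code. All events below are constructed;
the file-activity feed stands in for a hypothetical EDR/Sysmon export that has
been normalised to (host, time, path)."""
from datetime import datetime, timedelta

# STATUS_ACCESS_VIOLATION: the exception an out-of-bounds read raises when it
# touches an unmapped page.
ACCESS_VIOLATION = 0xC0000005
CORRELATION_WINDOW = timedelta(minutes=5)

# Constructed Event ID 1000 records, already parsed into the named fields the
# "Application Error" event carries. The product path is hypothetical.
CRASH_EVENTS = [
    {"host": "cad-ws01", "time": "2025-09-02T10:14:05", "event_id": 1000,
     "app_path": r"C:\Program Files\Autodesk\ExampleProduct\exampleapp.exe",
     "exception_code": "0xc0000005", "module": "exampleparser.dll"},
    {"host": "cad-ws02", "time": "2025-09-02T11:00:00", "event_id": 1000,
     "app_path": r"C:\Program Files\Autodesk\ExampleProduct\exampleapp.exe",
     "exception_code": "0xe0434352", "module": "KERNELBASE.dll"},  # managed-code exception, likely noise
    {"host": "cad-ws03", "time": "2025-09-02T11:30:00", "event_id": 1000,
     "app_path": r"C:\Program Files\OtherVendor\other.exe",
     "exception_code": "0xc0000005", "module": "other.dll"},  # not an Autodesk process
]

# Constructed file-activity records (SLDPRT opens seen by the endpoint agent).
FILE_EVENTS = [
    {"host": "cad-ws01", "time": "2025-09-02T10:13:40",
     "path": r"C:\Users\alice\Downloads\part_from_email.sldprt"},
    {"host": "cad-ws02", "time": "2025-09-02T09:00:00",
     "path": r"C:\Projects\bracket.SLDPRT"},  # two hours before that host's crash
]


def parse_time(text):
    return datetime.fromisoformat(text)


def is_autodesk_crash(event):
    """Event ID 1000 whose faulting application lives under an Autodesk directory."""
    return event.get("event_id") == 1000 and "\\autodesk\\" in event.get("app_path", "").lower()


def recent_sldprt_opens(host, crash_time, file_events, window=CORRELATION_WINDOW):
    """Paths of SLDPRT files opened on `host` within `window` before the crash."""
    hits = []
    for f in file_events:
        if f["host"] != host or not f["path"].lower().endswith(".sldprt"):
            continue
        opened = parse_time(f["time"])
        if crash_time - window <= opened <= crash_time:
            hits.append(f["path"])
    return hits


def assess(event, sldprt_paths):
    """Severity rises with an access-violation exception and a recent SLDPRT open."""
    severity = "low"
    reasons = []
    if int(event["exception_code"], 16) == ACCESS_VIOLATION:
        severity = "medium"
        reasons.append("access violation in " + event["module"])
    if sldprt_paths:
        severity = "high"
        reasons.append("SLDPRT opened within correlation window")
    return severity, reasons


def correlate(crash_events, file_events):
    """Return one alert per Autodesk crash, scored by the evidence around it."""
    alerts = []
    for event in crash_events:
        if not is_autodesk_crash(event):
            continue
        crash_time = parse_time(event["time"])
        paths = recent_sldprt_opens(event["host"], crash_time, file_events)
        severity, reasons = assess(event, paths)
        alerts.append({"host": event["host"], "time": event["time"],
                       "severity": severity, "reasons": reasons, "files": paths})
    return alerts


if __name__ == "__main__":
    for alert in correlate(CRASH_EVENTS, FILE_EVENTS):
        print(alert)
```

Treat the result as a triage aid, not proof: an out-of-bounds read that lands on mapped memory does not crash the process, so the absence of Event ID 1000 entries says nothing about whether a malicious SLDPRT file was opened, and a crash with no file-activity context is only as strong as the endpoint telemetry feeding the correlation.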
