Skip to main content
CVE Vulnerability Database

CVE-2025-9453: Autodesk Shared Components Buffer Overflow

CVE-2025-9453 is a buffer overflow vulnerability in Autodesk Shared Components caused by malicious PRT files. Attackers can exploit this to crash systems, access sensitive data, or execute code remotely. This article covers technical details, affected versions, impact assessment, and mitigation strategies.

Published:

CVE-2025-9453 Overview

CVE-2025-9453 is an out-of-bounds read vulnerability [CWE-125] affecting Autodesk Shared Components and multiple Autodesk products. The flaw is triggered when a maliciously crafted PRT file is parsed by an affected application. An attacker who convinces a user to open a weaponized file can crash the process, read sensitive process memory, or execute arbitrary code in the context of the current user. The vulnerability affects the 2026 release line across AutoCAD, Revit, Inventor, 3ds Max, Civil 3D, InfraWorks, and related products that share the same parsing component.

Critical Impact

Arbitrary code execution in the user context through a single crafted PRT file, with broad impact across the Autodesk 2026 product portfolio.

Affected Products

  • Autodesk Shared Components and AutoCAD 2026 (including Architecture, Electrical, Map 3D, Mechanical, MEP, Plant 3D)
  • Autodesk Revit 2026, Revit LT 2026, Inventor 2026, 3ds Max 2026, Civil 3D 2026, Advance Steel 2026
  • Autodesk InfraWorks 2026 and Autodesk Vault 2026

Discovery Timeline

  • 2025-12-16 - CVE-2025-9453 published to NVD
  • 2025-12-19 - Last updated in NVD database

Technical Details for CVE-2025-9453

Vulnerability Analysis

The vulnerability resides in the shared parser used by Autodesk products to process PRT (part) files. When the parser reads structured data from the file, it fails to validate that an offset or length value stays within the allocated buffer. As a result, the code reads memory beyond the intended boundary [CWE-125].

Depending on the memory layout at the time of parsing, the out-of-bounds read can return adjacent heap contents, function pointers, or other sensitive structures. Attackers can chain this primitive with other memory corruption techniques to achieve arbitrary code execution. At minimum, the condition produces a process crash and may leak data that defeats Address Space Layout Randomization (ASLR).

Root Cause

The root cause is missing bounds validation in the PRT file parser within Autodesk Shared Components. Length or index fields embedded in the file are trusted without verification against the actual buffer size, allowing reads past the end of the allocation.

Attack Vector

Exploitation requires local file access and user interaction. An attacker delivers the crafted PRT file through email, a shared design repository, a supplier exchange, or a malicious web download. When the victim opens the file in an affected Autodesk application, the parser triggers the out-of-bounds read. No elevated privileges are required, and code runs with the privileges of the user opening the file.

No verified public proof-of-concept code is currently available for CVE-2025-9453. See the Autodesk Security Advisory ADSK-SA-2025-0024 for vendor-supplied technical context.

Detection Methods for CVE-2025-9453

Indicators of Compromise

  • Unexpected crashes of acad.exe, revit.exe, inventor.exe, 3dsmax.exe, or other Autodesk binaries shortly after opening a PRT file.
  • Windows Error Reporting (WER) entries citing access violations in Autodesk Shared Components modules.
  • Inbound PRT files from untrusted email senders, external file-sharing links, or unverified supplier portals.

Detection Strategies

  • Monitor process telemetry for Autodesk applications spawning unexpected child processes such as cmd.exe, powershell.exe, or rundll32.exe after opening a PRT file.
  • Hunt for PRT files arriving via email gateways or file-sharing services and correlate with subsequent Autodesk process activity.
  • Inspect endpoint logs for crash dumps generated by Autodesk binaries paired with recent file-open events.

Monitoring Recommendations

  • Track installed Autodesk product versions across the fleet and flag any 2026-line releases that lack the vendor patch.
  • Alert on Autodesk applications loading unsigned DLLs or making outbound network connections immediately after a file-open event.
  • Forward Windows Application and WER logs from CAD workstations to a centralized analytics platform for correlation.

How to Mitigate CVE-2025-9453

Immediate Actions Required

  • Apply the updates listed in Autodesk Security Advisory ADSK-SA-2025-0024 to all affected 2026 products.
  • Inventory engineering workstations running AutoCAD, Revit, Inventor, 3ds Max, Civil 3D, InfraWorks, and Vault 2026, and prioritize patching those that handle external files.
  • Instruct designers and engineers to avoid opening PRT files received from untrusted or unverified sources until patches are deployed.

Patch Information

Autodesk has published fixes through the Autodesk Access updater and individual product release notes referenced in advisory ADSK-SA-2025-0024. Update Autodesk Shared Components alongside each affected product to ensure the patched parser is loaded.

Workarounds

  • Restrict PRT file ingestion to vetted internal repositories and supplier channels with content inspection.
  • Apply application allow-listing rules that block child-process creation from Autodesk binaries.
  • Run Autodesk applications under standard user accounts to limit the impact of successful exploitation.
bash
# Example: block Autodesk binaries from spawning shells via Windows Defender Application Control / AppLocker
# Review Autodesk product installation paths and adjust per environment before deploying.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.