CVE-2025-9454 Overview
CVE-2025-9454 is an out-of-bounds read vulnerability [CWE-125] affecting multiple Autodesk products that parse PRT files. A maliciously crafted PRT file triggers the flaw when opened by an affected application. Attackers can leverage the issue to crash the process, read sensitive memory, or execute arbitrary code in the context of the current user.
The vulnerability spans the Autodesk 2026 product family, including AutoCAD, Revit, Inventor, Civil 3D, and 3ds Max, through the shared components used to parse PRT data. Exploitation requires the victim to open a malicious file locally, classifying this as a client-side file format vulnerability.
Critical Impact
Successful exploitation allows arbitrary code execution within the context of the affected Autodesk process, leading to full compromise of the user session and access to design files and credentials present in memory.
Affected Products
- Autodesk Shared Components, AutoCAD 2026, AutoCAD Architecture 2026, AutoCAD Electrical 2026, AutoCAD Map 3D 2026, AutoCAD Mechanical 2026, AutoCAD MEP 2026, AutoCAD Plant 3D 2026
- Autodesk 3ds Max 2026, Advance Steel 2026, Civil 3D 2026, InfraWorks 2026, Inventor 2026
- Autodesk Revit 2026, Revit LT 2026, Vault 2026
Discovery Timeline
- 2025-12-16 - CVE-2025-9454 published to the National Vulnerability Database (NVD)
- 2025-12-19 - Last updated in NVD database
Technical Details for CVE-2025-9454
Vulnerability Analysis
The vulnerability resides in the PRT file parser used by Autodesk Shared Components. When the parser processes a crafted PRT file, it reads memory beyond the bounds of an allocated buffer. This out-of-bounds read [CWE-125] returns adjacent process memory or causes a faulting access.
Because Shared Components is reused across the Autodesk 2026 portfolio, the same parsing flaw propagates to AutoCAD, Revit, Inventor, 3ds Max, Civil 3D, InfraWorks, Vault, and related products. An attacker who controls the contents of a PRT file can influence the read offset and the data returned to the application.
The outcomes range from process crash to information disclosure of heap memory. In favorable memory layouts, the out-of-bounds read enables subsequent control-flow manipulation that results in arbitrary code execution within the user context.
Root Cause
The root cause is missing or incorrect bounds validation on length or offset fields parsed from the PRT file structure. The parser trusts attacker-controlled size metadata and dereferences memory outside the intended buffer.
Attack Vector
The attack vector is local and requires user interaction. An attacker delivers a malicious PRT file through email, a shared CAD repository, a supplier deliverable, or a compromised collaboration platform. When the target opens the file in an affected Autodesk product, parsing begins automatically and triggers the out-of-bounds read.
No authentication is required against the Autodesk product. The exploit executes with the privileges of the user running the application.
Detection Methods for CVE-2025-9454
Indicators of Compromise
- Unexpected crashes or Windows Error Reporting (WER) entries from Autodesk processes such as acad.exe, revit.exe, inventor.exe, or 3dsmax.exe shortly after opening a PRT file
- PRT files arriving from untrusted external senders, suppliers, or unknown cloud storage links
- Autodesk processes spawning shells (cmd.exe, powershell.exe) or performing network connections immediately after file open events
Detection Strategies
- Monitor file open telemetry for PRT extensions handled by Autodesk binaries and correlate with subsequent child process creation
- Hunt for anomalous memory access faults or module load events inside Autodesk processes using EDR telemetry
- Inspect email and file-share gateways for PRT files originating outside trusted engineering partners
Monitoring Recommendations
- Enable verbose process and image-load logging on engineering workstations running Autodesk 2026 products
- Forward endpoint and application crash telemetry to a centralized SIEM for correlation with PRT file activity
- Track Autodesk Access update status to detect endpoints still running vulnerable 2026 builds
How to Mitigate CVE-2025-9454
Immediate Actions Required
- Apply the fixed builds referenced in Autodesk Security Advisory ADSK-SA-2025-0024 across all affected 2026 products
- Restrict opening PRT files received from external or untrusted sources until patches are deployed
- Audit shared CAD repositories and email gateways for PRT files received during the exposure window
Patch Information
Autodesk has published fixed versions for the affected 2026 product line. Customers should consult Autodesk Security Advisory ADSK-SA-2025-0024 for the specific patched builds and deploy updates through Autodesk Access.
Workarounds
- Block PRT file delivery at email and web gateways for users who do not require external CAD interchange
- Run Autodesk applications under standard user accounts to limit the impact of code execution in process context
- Use application allowlisting to prevent Autodesk processes from spawning interpreters such as cmd.exe or powershell.exe
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

