CVE-2025-9456 Overview
CVE-2025-9456 is a memory corruption vulnerability affecting Autodesk Shared Components and multiple Autodesk products that parse SolidWorks Part (.SLDPRT) files. A maliciously crafted SLDPRT file triggers an out-of-bounds write [CWE-787] when parsed by the affected applications. An attacker who convinces a user to open a weaponized file can execute arbitrary code in the context of the current process. The flaw impacts the 2026 release line of AutoCAD, Revit, Inventor, 3ds Max, Civil 3D, and several other products that rely on the shared parsing components.
Critical Impact
Successful exploitation allows arbitrary code execution in the user's process context, enabling credential theft, lateral movement, or deployment of follow-on payloads across engineering workstations.
Affected Products
- Autodesk Shared Components, AutoCAD 2026, and AutoCAD vertical products (Architecture, Electrical, Map 3D, Mechanical, MEP, Plant 3D)
- Autodesk Revit 2026, Revit LT 2026, Inventor 2026, Civil 3D 2026, and Advance Steel 2026
- Autodesk 3ds Max 2026, InfraWorks 2026, and Vault 2026
Discovery Timeline
- 2025-12-16 - CVE-2025-9456 published to NVD
- 2026-01-22 - Last updated in NVD database
Technical Details for CVE-2025-9456
Vulnerability Analysis
The vulnerability resides in the SLDPRT file parser within Autodesk Shared Components. SLDPRT is the native part file format used by SolidWorks, which Autodesk products import for interoperability. When the parser processes a malformed structure inside the file, it writes data outside the bounds of an allocated buffer. This out-of-bounds write [CWE-787] corrupts adjacent heap memory.
Attackers can shape the corruption to overwrite function pointers, virtual table entries, or return addresses. Reliable exploitation in modern Autodesk binaries typically requires combining heap grooming with information leaks to bypass ASLR and DEP. The shared component design amplifies the impact, since a single defective parser propagates to every downstream Autodesk 2026 product that links against it.
Root Cause
The root cause is insufficient validation of length or offset fields embedded in the SLDPRT file structure. The parser trusts attacker-controlled size values and writes to a fixed or undersized destination buffer. Autodesk has not released structural details of the vulnerable routine in the public advisory.
Attack Vector
Exploitation requires local user interaction. A target opens the malicious SLDPRT file through the Autodesk application, typically delivered by email, a shared engineering folder, or a compromised supplier file exchange. No privileges are required beyond those of the user running the application. The resulting code executes with the user's permissions, which on engineering workstations frequently include access to sensitive design data and network shares.
No public proof-of-concept exploit is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at the time of publication.
Detection Methods for CVE-2025-9456
Indicators of Compromise
- Unexpected child processes spawned by Autodesk executables such as acad.exe, revit.exe, inventor.exe, or 3dsmax.exe shortly after a SLDPRT file is opened
- Crashes or Windows Error Reporting (WER) entries citing access violations inside Autodesk shared component DLLs
- SLDPRT files arriving from untrusted email senders, external file-sharing links, or supplier portals outside normal engineering workflows
Detection Strategies
- Hunt for process lineage where Autodesk parent processes launch shells (cmd.exe, powershell.exe), script interpreters, or rundll32.exe
- Inspect SLDPRT files at the email gateway and file server for malformed header fields or anomalous size values
- Correlate Autodesk application crashes with subsequent suspicious outbound network connections from the same host
Monitoring Recommendations
- Enable Windows Defender Exploit Guard or equivalent attack surface reduction rules on engineering workstations to log child-process creation by office and CAD applications
- Forward endpoint telemetry, including process creation and module load events, to a centralized analytics platform for retrospective hunting
- Track usage of SLDPRT files across file shares to identify ingress points for externally sourced parts
How to Mitigate CVE-2025-9456
Immediate Actions Required
- Apply the updates referenced in Autodesk Security Advisory ADSK-SA-2025-0024 to all affected 2026 product installations
- Inventory engineering endpoints running Autodesk 2026 products and prioritize patching for systems that routinely import third-party part files
- Instruct users to open SLDPRT files only from trusted internal sources until patches are deployed
Patch Information
Autodesk published advisory ADSK-SA-2025-0024 listing fixed builds for Shared Components and each affected product. Administrators should deploy the updated installers through Autodesk Access or their managed software distribution system. Validate that the Shared Components version reported by the application matches the patched build, since multiple Autodesk products on the same host share these libraries.
Workarounds
- Block inbound SLDPRT attachments at email and web gateways for users who do not require SolidWorks interoperability
- Restrict write access to engineering file shares so that only vetted accounts can introduce new SLDPRT files
- Run Autodesk applications under standard user accounts to limit the blast radius of successful exploitation
# Example: block .sldprt attachments in an Exchange transport rule (PowerShell)
New-TransportRule -Name "Block-SLDPRT-Attachments" \
-AttachmentExtensionMatchesWords "sldprt" \
-RejectMessageReasonText "SLDPRT attachments are quarantined pending CVE-2025-9456 remediation."
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

