CVE-2025-9457 Overview
CVE-2025-9457 is a memory corruption vulnerability affecting Autodesk Shared Components and a wide range of Autodesk products that parse PRT files. A maliciously crafted PRT file, when opened in a vulnerable Autodesk application, triggers memory corruption in the parser. An attacker can leverage this flaw to execute arbitrary code in the context of the current process.
The weakness is classified under [CWE-122] heap-based buffer overflow and [CWE-787] out-of-bounds write. Exploitation requires user interaction, typically by convincing a user to open an attacker-supplied PRT file in a CAD workflow.
Critical Impact
Successful exploitation enables arbitrary code execution in the user's process, allowing attackers to compromise design data, steal intellectual property, or pivot deeper into engineering environments.
Affected Products
- Autodesk Shared Components, AutoCAD 2026, and AutoCAD verticals (Architecture, Electrical, Map 3D, Mechanical, MEP, Plant 3D)
- Autodesk 3ds Max 2026, Advance Steel 2026, Civil 3D 2026, Inventor 2026, InfraWorks 2026
- Autodesk Revit 2026, Revit LT 2026, and Vault 2026
Discovery Timeline
- 2025-12-16 - CVE-2025-9457 published to NVD
- 2026-01-22 - Last updated in NVD database
Technical Details for CVE-2025-9457
Vulnerability Analysis
The vulnerability resides in the shared PRT file parser used across Autodesk's CAD product family. PRT files are a proprietary part/model format processed by Autodesk Shared Components. When the parser processes a malformed PRT structure, it writes data past the bounds of a heap-allocated buffer, corrupting adjacent memory.
Because Autodesk Shared Components is reused by dozens of downstream products, the same defect propagates to AutoCAD, Revit, Inventor, 3ds Max, and other applications listed in the vendor advisory. An attacker who controls the contents of a PRT file can manipulate heap layout to overwrite function pointers, virtual table entries, or object metadata.
Root Cause
The root cause is insufficient validation of size and offset fields within the PRT file structure before the parser copies file-controlled data into heap buffers. This combination of [CWE-122] heap-based buffer overflow and [CWE-787] out-of-bounds write enables controlled memory corruption.
Attack Vector
Exploitation is local and requires user interaction. An attacker delivers a crafted PRT file through email, a shared engineering repository, a supplier deliverable, or a download link. When a user opens or imports the file in any affected Autodesk product, the parser triggers the corruption and the attacker's payload executes with the privileges of the current user.
The vulnerability mechanism is documented in Autodesk Security Advisory ADSK-SA-2025-0024. No public proof-of-concept exploit is currently available, and the EPSS score remains low.
Detection Methods for CVE-2025-9457
Indicators of Compromise
- Unexpected crashes of acad.exe, revit.exe, inventor.exe, 3dsmax.exe, or other Autodesk processes immediately after opening a PRT file
- PRT files received from untrusted external sources, especially via email attachments or unverified file shares
- Autodesk parent processes spawning command interpreters such as cmd.exe, powershell.exe, or rundll32.exe
- Outbound network connections initiated by Autodesk processes shortly after a file is opened
Detection Strategies
- Monitor process creation events where Autodesk binaries are the parent of shell, scripting, or LOLBin processes
- Alert on access violation and heap corruption faults logged by Windows Error Reporting for Autodesk executables
- Inspect email and file-sharing gateways for PRT attachments originating outside trusted engineering partners
- Hunt for newly written executables, DLLs, or scheduled tasks created by Autodesk process trees
Monitoring Recommendations
- Track Autodesk product versions across workstations and flag any installation still at 2026 baseline without the vendor patch applied
- Log all PRT file opens by endpoint EDR and correlate with subsequent child process activity
- Apply application allowlisting policies to restrict what Autodesk child processes are permitted to execute
How to Mitigate CVE-2025-9457
Immediate Actions Required
- Apply the updates listed in Autodesk Security Advisory ADSK-SA-2025-0024 to all affected products
- Use Autodesk Access to inventory installations and deploy fixed builds across the environment
- Instruct engineering and design users to avoid opening PRT files from unverified external sources until patching is complete
- Restrict PRT file ingress at email and collaboration gateways for users who do not require it
Patch Information
Autodesk has published fixed versions of Shared Components and the affected applications under advisory ADSK-SA-2025-0024. Patching the Shared Components library resolves the issue across all dependent Autodesk products. Administrators should verify version strings after deployment to confirm the patched build is active.
Workarounds
- Where patching is delayed, isolate CAD workstations from general user networks and restrict internet access for Autodesk processes
- Enforce least-privilege user accounts so that exploitation does not yield administrative rights
- Use file reputation and sandbox detonation services to inspect PRT files before they reach end-user workstations
- Disable automatic file association handling for PRT files on systems that do not require the format
# Example PowerShell check for installed Autodesk product versions
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
Where-Object { $_.Publisher -like "*Autodesk*" } |
Select-Object DisplayName, DisplayVersion, InstallDate |
Sort-Object DisplayName
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
