CVE-2025-9458 Overview
CVE-2025-9458 is a memory corruption vulnerability affecting Autodesk Shared Components and a broad range of Autodesk 2026 products. The flaw is triggered when an affected application parses a maliciously crafted PRT file. Successful exploitation allows an attacker to execute arbitrary code in the context of the current user process. The vulnerability is categorized under [CWE-122] Heap-based Buffer Overflow and [CWE-787] Out-of-bounds Write. Exploitation requires local access and user interaction, typically convincing a victim to open a weaponized file in a vulnerable Autodesk product.
Critical Impact
A crafted PRT file processed by an affected Autodesk product can corrupt heap memory and lead to arbitrary code execution within the user's session.
Affected Products
- Autodesk Shared Components 2026.3
- Autodesk AutoCAD 2026 and AutoCAD verticals (Architecture, Electrical, Map 3D, Mechanical, MEP, Plant 3D)
- Autodesk 3ds Max 2026, Advance Steel 2026, Civil 3D 2026, InfraWorks 2026, Inventor 2026, Revit 2026, Revit LT 2026, and Vault 2026
Discovery Timeline
- 2025-11-07 - CVE-2025-9458 published to NVD
- 2026-01-22 - Last updated in NVD database
Technical Details for CVE-2025-9458
Vulnerability Analysis
The vulnerability resides in the file parsing logic shared across multiple Autodesk 2026 products through the Autodesk Shared Components library. When the parser processes a malformed PRT (Part) file, it performs an out-of-bounds write on the heap, corrupting adjacent memory structures. An attacker who controls the crafted file content can shape the corruption to overwrite function pointers, virtual table entries, or other control-flow data. This leads to arbitrary code execution in the security context of the user running the Autodesk application. Because the vulnerable code lives in a shared component, a single defect surfaces across the entire Autodesk 2026 product line, broadening the attack surface across engineering, architecture, and manufacturing workflows.
Root Cause
The defect maps to two related weaknesses: [CWE-122] Heap-based Buffer Overflow and [CWE-787] Out-of-bounds Write. The parser fails to validate length or structural fields inside the PRT file before writing data into a heap-allocated buffer. Malformed records cause the write index to exceed the allocated bounds, corrupting heap metadata or adjacent objects.
Attack Vector
The attack vector is local and requires user interaction. An attacker delivers a crafted PRT file through email, shared project folders, or third-party model exchanges. When a user opens or imports the file in an affected Autodesk product, the parser triggers the memory corruption. No elevated privileges are required, but successful execution inherits the user's permissions. Detailed exploitation specifics are restricted by Autodesk. Refer to the Autodesk Security Advisory ADSK-SA-2025-0019 for vendor-supplied technical details.
Detection Methods for CVE-2025-9458
Indicators of Compromise
- Unexpected crashes, hangs, or Watson/WER reports originating from Autodesk processes such as acad.exe, revit.exe, inventor.exe, or 3dsmax.exe while opening PRT files.
- PRT files arriving from untrusted email senders, external file shares, or non-corporate cloud storage and being opened by CAD users.
- Child processes spawned by Autodesk applications that launch command interpreters such as cmd.exe, powershell.exe, or rundll32.exe.
Detection Strategies
- Monitor endpoint telemetry for anomalous child process creation from Autodesk binaries, which is uncommon during normal CAD operations.
- Inspect file gateways and email security tools for PRT attachments and apply sandbox detonation against an instrumented Autodesk environment.
- Correlate Autodesk application crash events with subsequent network connections or persistence activity on the same host.
Monitoring Recommendations
- Enable Windows Error Reporting collection and forward crash dumps from CAD workstations to a central analysis pipeline.
- Track installed versions of Autodesk Shared Components and 2026 product builds across the fleet to identify unpatched hosts.
- Alert on writes to user-writable autorun locations (Run keys, Startup folders, scheduled tasks) initiated by Autodesk process trees.
How to Mitigate CVE-2025-9458
Immediate Actions Required
- Apply the fixed versions referenced in Autodesk Security Advisory ADSK-SA-2025-0019 to all affected 2026 products and the Shared Components package.
- Instruct CAD users to refuse PRT files received from untrusted sources until patching is complete.
- Inventory endpoints running Autodesk 2026 products and prioritize patch deployment on workstations that routinely import third-party model files.
Patch Information
Autodesk has published fixed builds in Autodesk Security Advisory ADSK-SA-2025-0019. Updates are distributed through Autodesk Access and the Autodesk Account portal. Apply the listed Shared Components 2026.3 update and the corresponding 2026 product hotfixes.
Workarounds
- Block or quarantine inbound PRT attachments at the email gateway and on managed file-share locations until all endpoints are patched.
- Run Autodesk products under standard, non-administrative user accounts to limit the impact of code execution within the process context.
- Use application allowlisting to prevent Autodesk processes from spawning script interpreters or unsigned binaries.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
