Skip to main content
CVE Vulnerability Database

CVE-2025-9459: Autodesk Shared Components RCE Vulnerability

CVE-2025-9459 is an RCE flaw in Autodesk Shared Components triggered by malicious SLDPRT files, enabling attackers to execute code or read sensitive data. This article covers technical details, affected versions, and mitigations.

Published:

CVE-2025-9459 Overview

CVE-2025-9459 is an out-of-bounds read vulnerability [CWE-125] affecting Autodesk Shared Components and multiple Autodesk applications that parse SLDPRT files. A maliciously crafted SLDPRT file forces the parser to read memory outside an allocated buffer when processed by a vulnerable Autodesk product.

An attacker who convinces a user to open a malicious SLDPRT file can crash the application, disclose sensitive process memory, or execute arbitrary code in the context of the current user. The vulnerability requires local file access and user interaction to trigger.

Critical Impact

Arbitrary code execution in the user context through a crafted SLDPRT file opened in Autodesk products including AutoCAD, Revit, Inventor, 3ds Max, and Civil 3D 2026.

Affected Products

  • Autodesk Shared Components
  • Autodesk AutoCAD 2026 and AutoCAD vertical products (Architecture, Electrical, Map 3D, Mechanical, MEP, Plant 3D)
  • Autodesk 3ds Max 2026, Advance Steel 2026, Civil 3D 2026, InfraWorks 2026, Inventor 2026, Revit 2026, Revit LT 2026, and Vault 2026

Discovery Timeline

  • 2025-12-16 - CVE-2025-9459 published to the National Vulnerability Database
  • 2025-12-19 - Last updated in NVD database

Technical Details for CVE-2025-9459

Vulnerability Analysis

The flaw resides in the SLDPRT file parsing logic shared across Autodesk products through Autodesk Shared Components. SLDPRT is the native part file format used by SolidWorks, which Autodesk products import for interoperability. The parser fails to validate buffer boundaries when reading structured fields from the file.

When a crafted SLDPRT file is loaded, the parser reads beyond the bounds of an allocated buffer. The over-read can leak adjacent heap memory, corrupt internal state, or be combined with controlled allocations to redirect execution flow. Successful exploitation grants the attacker code execution at the privilege level of the user running the Autodesk application.

Root Cause

The root cause is improper validation of length or offset values embedded within the SLDPRT file structure. The parser trusts attacker-controlled size fields and dereferences pointers beyond the allocated buffer, producing the out-of-bounds read condition tracked under [CWE-125].

Attack Vector

Exploitation requires the victim to open a malicious SLDPRT file in a vulnerable Autodesk product. Attackers typically deliver such files through phishing emails, supplier file exchanges, shared network drives, or compromised CAD repositories. No network access or elevated privileges are required on the target machine.

No public proof-of-concept code is available. Refer to the Autodesk Security Advisory ADSK-SA-2025-0024 for vendor-supplied technical details.

Detection Methods for CVE-2025-9459

Indicators of Compromise

  • Unexpected crashes or WerFault.exe events tied to AutoCAD, Revit, Inventor, 3ds Max, or other Autodesk 2026 processes shortly after opening an SLDPRT file
  • SLDPRT files arriving from untrusted email senders, external file transfer services, or unknown supplier portals
  • Child processes spawned by Autodesk applications that are inconsistent with normal CAD workflows, such as cmd.exe, powershell.exe, or rundll32.exe
  • Outbound network connections initiated by Autodesk processes immediately following file open operations

Detection Strategies

  • Monitor process creation events where the parent is an Autodesk binary and the child is a scripting or shell interpreter
  • Hunt for SLDPRT files written to user download or temp directories followed by Autodesk process execution
  • Alert on memory access violations and unhandled exceptions in Autodesk processes correlated with file open activity

Monitoring Recommendations

  • Forward endpoint telemetry from engineering workstations to a central data lake for correlation across file, process, and network events
  • Track Autodesk application versions across the fleet to confirm patched builds are deployed
  • Review CAD file ingress channels and flag SLDPRT files originating from outside trusted supplier lists

How to Mitigate CVE-2025-9459

Immediate Actions Required

  • Apply the updates referenced in Autodesk Security Advisory ADSK-SA-2025-0024 to all affected 2026 products and Shared Components
  • Restrict opening of SLDPRT files to those received from verified internal or supplier sources
  • Instruct CAD users to avoid double-clicking SLDPRT attachments from email or unknown shared drives
  • Inventory all Autodesk 2026 installations and prioritize patching workstations that routinely import third-party CAD data

Patch Information

Autodesk has published fixed builds for the affected 2026 products. Refer to Autodesk Security Advisory ADSK-SA-2025-0024 for the specific patched versions and download links. Deploy updates through Autodesk Access or your standard software management workflow.

Workarounds

  • Block delivery of SLDPRT files through email gateways until patches are deployed
  • Use a sandboxed or virtualized workstation to open SLDPRT files from external parties
  • Apply application allowlisting to prevent Autodesk processes from spawning shell or scripting interpreters
bash
# Example: enumerate Autodesk product versions on Windows endpoints
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |
  Where-Object { $_.Publisher -like "*Autodesk*" } |
  Select-Object DisplayName, DisplayVersion, InstallDate |
  Sort-Object DisplayName

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.