CVE-2023-25001

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Autodesk Navisworks versions 2022 through 2023 Autodesk 3dsMax (affected versions not specified)

Description A maliciously crafted SKP file can be used to trigger a use-after-free issue, potentially leading to code execution. This is related to the parsing of SKP files in the affected software. The exploitation of this issue may allow an attacker to execute arbitrary code using a specially crafted file.

Recommendations For Autodesk Navisworks versions 2022 through 2023, consider avoiding the use of SKP files from untrusted sources until a patch is available. For Autodesk 3dsMax, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2023-03090

CVE-2023-25001

ZDI-23-574

ZDI-23-575

ZDI-23-576

ZDI-23-585

Affected Products

Autodesk 3Ds Max

Autodesk Navisworks

CVE-2023-25001

Weakness Enumeration

Related Identifiers

Affected Products

References · 10