CVE-2025-5037

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Autodesk Revit and Affected Versions Autodesk Revit (affected versions not specified)

Description Autodesk Revit is susceptible to a flaw related to the parsing of RFA, RTE, and RVT files. A specially crafted malicious file, when processed by Autodesk Revit, can lead to a memory corruption issue. This allows a malicious actor to execute arbitrary code within the context of the current process. The issue stems from insufficient bounds checking during file parsing. The vulnerability can be exploited through RFA files distributed via a supply chain flaw, utilizing advanced Return-Oriented Programming (ROP) techniques. The vulnerability affects the parsing of RFA, RTE, and RVT files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2025-12662

CVE-2025-5037

ZDI-25-592

ZDI-25-593

ZDI-25-594

ZDI-25-595

ZDI-25-597

ZDI-25-603

ZDI-25-645

Affected Products

Autodesk Revit

CVE-2025-5037

Weakness Enumeration

Related Identifiers

Affected Products

References · 20