CVE-2022-25796

HIGH

Autodesk Navisworks < 2022.2 - Double Free

Title source: rule

Description

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

References (1)

[Vendor Advisory] https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005

Scores

CVSS v3 7.8

EPSS 0.0042

EPSS Percentile 61.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

autodesk/navisworks < 2022.2

Timeline

Published Apr 11, 2022

Tracked Since Feb 18, 2026