CVE-2025-5039
HIGHAutodesk Infrastructure Parts Editor < 2026.0.2 - Untrusted Search Path
Title source: llmDescription
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
References (2)
Core 2
Core References
Various Sources patch
https://www.autodesk.com/products/autodesk-access/overview
Vendor Advisory vendor-advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014
Scores
CVSS v3
7.8
EPSS
0.0017
EPSS Percentile
6.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-426
Status
published
Products (11)
Autodesk/3ds Max
2026 - 2026.3.3
Autodesk/3ds Max
2027 - 2027.1
Autodesk/AutoCAD
2026 - 2026.1
Autodesk/AutoCAD LT
2026 - 2026.1
autodesk/infrastructure_parts_editor
2026 - 2026.0.2
autodesk/inventor
2026 - 2026.0.2
autodesk/navisworks_manage
2026 - 2026.0.2
autodesk/navisworks_simulate
2026 - 2026.0.2
Autodesk/RealDWG
2026 - 2026.0.2
autodesk/revit
2026 - 2026.0.2
... and 1 more
Published
Jul 24, 2025
Tracked Since
Feb 18, 2026