AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Autodesk |
|
Configuration 1 [-]
| AND |
|
No data.
No data.
References
History
Fri, 19 Dec 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Autodesk 3ds Max
Autodesk advance Steel Autodesk autocad Autodesk autocad Architecture Autodesk autocad Electrical Autodesk autocad Map 3d Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk civil 3d Autodesk infraworks Autodesk inventor Autodesk revit Autodesk revit Lt Autodesk vault |
|
| CPEs | cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:* cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:* cpe:2.3:a:autodesk:shared_components:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:* |
|
| Vendors & Products |
Autodesk 3ds Max
Autodesk advance Steel Autodesk autocad Autodesk autocad Architecture Autodesk autocad Electrical Autodesk autocad Map 3d Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d Autodesk civil 3d Autodesk infraworks Autodesk inventor Autodesk revit Autodesk revit Lt Autodesk vault |
Tue, 16 Dec 2025 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 15 Dec 2025 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |
| Title | X_T File Parsing Out-of-Bounds Write Vulnerability | |
| First Time appeared |
Autodesk
Autodesk shared Components |
|
| Weaknesses | CWE-787 | |
| CPEs | cpe:2.3:a:autodesk:shared_components:2026.5:*:*:*:*:*:*:* | |
| Vendors & Products |
Autodesk
Autodesk shared Components |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: autodesk
Published:
Updated: 2025-12-17T04:55:38.107Z
Reserved: 2025-09-23T15:29:50.560Z
Link: CVE-2025-10882
Vulnrichment
Updated: 2025-12-16T16:15:59.699Z
NVD
Status : Analyzed
Published: 2025-12-16T00:15:59.993
Modified: 2025-12-19T14:40:50.563
Link: CVE-2025-10882
Redhat
No data.
OpenCVE Enrichment
No data.