CVE-2025-8894

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.autodesk.com/products/autodesk-access/overview	Product
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0018	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:autodesk:autocad_lt::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::::

Configuration 5 (hide)

OR	cpe:2.3:a:autodesk:revit::::::::
	cpe:2.3:a:autodesk:revit::::::::

Configuration 6 (hide)

OR	cpe:2.3:a:autodesk:autocad::::::::
	cpe:2.3:a:autodesk:autocad::::::::
	cpe:2.3:a:autodesk:autocad::::::::

Configuration 7 (hide)

OR	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::

Configuration 8 (hide)

OR	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::

Configuration 9 (hide)

OR	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::

Configuration 10 (hide)

OR	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::

Configuration 11 (hide)

OR	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::

History

19 Sep 2025, 13:51

Type	Values Removed	Values Added
CPE		cpe:2.3:a:autodesk:civil_3d:::::::: cpe:2.3:a:autodesk:autocad_lt:::::::: cpe:2.3:a:autodesk:autocad_mechanical:::::::: cpe:2.3:a:autodesk:autocad:::::::: cpe:2.3:a:autodesk:autocad_architecture:::::::: cpe:2.3:a:autodesk:revit:::::::: cpe:2.3:a:autodesk:autocad_electrical:::::::: cpe:2.3:a:autodesk:autocad_mep:::::::: cpe:2.3:a:autodesk:advance_steel:::::::: cpe:2.3:a:autodesk:autocad_map_3d:::::::: cpe:2.3:a:autodesk:autocad_plant_3d::::::::
First Time		Autodesk autocad Electrical Autodesk autocad Autodesk Autodesk civil 3d Autodesk autocad Mechanical Autodesk autocad Map 3d Autodesk autocad Architecture Autodesk autocad Mep Autodesk advance Steel Autodesk revit Autodesk autocad Lt Autodesk autocad Plant 3d
References	~~() https://www.autodesk.com/products/autodesk-access/overview -~~	() https://www.autodesk.com/products/autodesk-access/overview - Product
References	~~() https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0018 -~~	() https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0018 - Vendor Advisory

16 Sep 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-16 15:15

Updated : 2025-09-19 13:51

NVD link : CVE-2025-8894

Mitre link : CVE-2025-8894

CVE.ORG link : CVE-2025-8894

JSON object : View

Products Affected

autodesk

revit
autocad_plant_3d
autocad_mep
autocad_map_3d
autocad_architecture
autocad_mechanical
advance_steel
autocad_lt
autocad
civil_3d
autocad_electrical

CWE

CWE-122

Heap-based Buffer Overflow

7.8 /10