A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | AutoCAD | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Architecture | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Electrical | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Mechanical | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD MEP | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Plant 3D | 2025, 2024, 2023, 2022 |
| Autodesk | Civil 3D | 2025, 2024, 2023, 2022 |
| Autodesk | Advance Steel | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD MAP 3D | 2025, 2024, 2023, 2022 |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.