A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | AutoCAD | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Architecture | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Electrical | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Mechanical | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD MEP | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Plant 3D | 2025, 2024, 2023, 2022 |
| Autodesk | Civil 3D | 2025, 2024, 2023, 2022 |
| Autodesk | Advance Steel | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD MAP 3D | 2025, 2024, 2023, 2022 |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.