A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | AutoCAD | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Architecture | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Electrical | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Mechanical | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD MEP | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD Plant 3D | 2025, 2024, 2023, 2022 |
| Autodesk | Civil 3D | 2025, 2024, 2023, 2022 |
| Autodesk | Advance Steel | 2025, 2024, 2023, 2022 |
| Autodesk | AutoCAD MAP 3D | 2025, 2024, 2023, 2022 |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.