{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5039", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "state": "PUBLISHED", "assignerShortName": "autodesk", "dateReserved": "2025-05-21T13:00:59.147Z", "datePublished": "2025-07-24T17:11:14.714Z", "dateUpdated": "2025-07-25T03:55:30.703Z"}, "containers": {"cna": {"affected": [{"cpe": ["cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "RealDWG", "vendor": "Autodesk", "versions": [{"lessThan": "2026.0.2", "status": "affected", "version": "2026", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.<br>"}], "value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."}], "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2025-07-24T17:11:14.714Z"}, "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"}], "source": {"discovery": "EXTERNAL"}, "title": "Privilege Ecalation due to Untrusted Search Path Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-24T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-5039"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-25T03:55:30.703Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5039", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-24T19:21:55.468320Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-24T19:22:17.578Z"}}], "cna": {"title": "Privilege Ecalation due to Untrusted Search Path Vulnerability", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-38", "descriptions": [{"lang": "en", "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpe": ["cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"], "vendor": "Autodesk", "product": "RealDWG", "versions": [{"status": "affected", "version": "2026", "lessThan": "2026.0.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.", "supportingMedia": [{"type": "text/html", "value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2025-07-24T17:11:14.714Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5039", "state": "PUBLISHED", "dateUpdated": "2025-07-25T03:55:30.703Z", "dateReserved": "2025-05-21T13:00:59.147Z", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "datePublished": "2025-07-24T17:11:14.714Z", "assignerShortName": "autodesk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "03EE8BC1-4EC3-49E3-9C1C-CFBD8C531ECD", "versionEndExcluding": "2026.0.2", "versionStartIncluding": "2026", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF7D5DEC-D172-49F2-89AE-9BFC5DFE98A6", "versionEndExcluding": "2026.0.2", "versionStartIncluding": "2026", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E916918-4CF5-4628-BD1B-C6FA94CBB353", "versionEndExcluding": "2026.0.2", "versionStartIncluding": "2026", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5AB26D6-C349-48FB-9A09-C32C987904A8", "versionEndExcluding": "2026.0.2", "versionStartIncluding": "2026", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B92B643-9C29-4604-8967-EB7A238120AB", "versionEndExcluding": "2026.0.2", "versionStartIncluding": "2026", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:vault:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAA7B4A5-345D-47E2-B295-0AF2BE88C19E", "versionEndExcluding": "2026.0.2", "versionStartIncluding": "2026", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."}, {"lang": "es", "value": "Un archivo binario manipulado con fines malintencionados, cuando est\u00e1 presente durante la carga de archivos en ciertas aplicaciones de Autodesk, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del proceso actual debido al uso de una ruta de b\u00fasqueda no confiable."}], "id": "CVE-2025-5039", "lastModified": "2025-07-30T17:45:03.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@autodesk.com", "type": "Primary"}]}, "published": "2025-07-24T17:15:32.817", "references": [{"source": "psirt@autodesk.com", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "psirt@autodesk.com", "type": "Secondary"}]}

{}