CVE-2025-4605

A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.

CVSS

No CVSS.

References

Link	Resource
https://github.com/Autodesk/3dsmax-usd
https://github.com/Autodesk/maya-usd
https://www.autodesk.com/products/autodesk-access/overview
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:maya::::::::
	cpe:2.3:a:autodesk:universal_scene_description:0.10:::::3ds_max::
	cpe:2.3:a:autodesk:universal_scene_description:0.31.0:::::maya::

History

19 Aug 2025, 14:15

Type	Values Removed	Values Added
References		() https://www.autodesk.com/products/autodesk-access/overview - () https://github.com/Autodesk/3dsmax-usd - () https://github.com/Autodesk/maya-usd -
CVSS	v2 : ~~unknown~~ v3 : ~~6.6~~	v2 : unknown v3 : unknown

30 Jul 2025, 17:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 6.6
References	~~() https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011 -~~	() https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011 - Vendor Advisory
CWE		CWE-770
First Time		Autodesk universal Scene Description Autodesk Autodesk maya
CPE		cpe:2.3:a:autodesk:universal_scene_description:0.10:::::3ds_max:: cpe:2.3:a:autodesk:universal_scene_description:0.31.0:::::maya:: cpe:2.3:a:autodesk:maya::::::::

11 Jun 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-11 14:15

Updated : 2025-08-19 14:15

NVD link : CVE-2025-4605

Mitre link : CVE-2025-4605

JSON object : View

Products Affected

autodesk

universal_scene_description
maya

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

JSON object

Attach tags to CVE-2025-4605

Attach tags to `CVE-2025-4605`