CVE-2025-5036

A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS

No CVSS.

References

Link	Resource
https://www.autodesk.com/products/autodesk-access/overview
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:revit::::::::
	cpe:2.3:a:autodesk:revit::::::::
	cpe:2.3:a:autodesk:revit::::::::

History

19 Aug 2025, 14:15

Type	Values Removed	Values Added
References		() https://www.autodesk.com/products/autodesk-access/overview -

30 Jul 2025, 17:42

Type	Values Removed	Values Added
First Time		Autodesk Autodesk revit
References	~~() https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009 -~~	() https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009 - Vendor Advisory
CPE		cpe:2.3:a:autodesk:revit::::::::

02 Jun 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : unknown
References	~~{'url': 'https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0008', 'name': 'https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0008', 'tags': [], 'refsource': ''}~~	() https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0009 -

02 Jun 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-02 17:15

Updated : 2025-08-19 14:15

NVD link : CVE-2025-5036

Mitre link : CVE-2025-5036

JSON object : View

Products Affected

autodesk

revit

CWE

No CWE.

JSON object

Attach tags to CVE-2025-5036

Attach tags to `CVE-2025-5036`