{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-5039","assignerOrgId":"7e40ea87-bc65-4944-9723-dd79dd760601","state":"PUBLISHED","assignerShortName":"autodesk","dateReserved":"2025-05-21T13:00:59.147Z","datePublished":"2025-07-24T17:11:14.714Z","dateUpdated":"2026-02-26T17:50:15.076Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"AutoCAD","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"AutoCAD LT","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"AutoCAD Architecture","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"AutoCAD Electrical","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"AutoCAD Mechanical","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"AutoCAD MEP","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"AutoCAD Plant 3D","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"AutoCAD MAP 3D","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Civil 3D","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Advance Steel","vendor":"Autodesk","versions":[{"lessThan":"2026.1","status":"affected","version":"2026","versionType":"custom"}]},{"cpes":["cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"RealDWG","vendor":"Autodesk","versions":[{"lessThan":"2026.0.2","status":"affected","version":"2026","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.<br>"}],"value":"A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."}],"impacts":[{"capecId":"CAPEC-38","descriptions":[{"lang":"en","value":"CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-426","description":"CWE-426 Untrusted Search Path","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7e40ea87-bc65-4944-9723-dd79dd760601","shortName":"autodesk","dateUpdated":"2025-08-19T13:17:42.116Z"},"references":[{"tags":["patch"],"url":"https://www.autodesk.com/products/autodesk-access/overview"},{"tags":["vendor-advisory"],"url":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"}],"source":{"discovery":"EXTERNAL"},"title":"Privilege Ecalation due to Untrusted Search Path Vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-5039","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-07-25T03:55:31.845753Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:15.076Z"}}]}}