{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-5039","assignerOrgId":"7e40ea87-bc65-4944-9723-dd79dd760601","state":"PUBLISHED","assignerShortName":"autodesk","dateReserved":"2025-05-21T13:00:59.147Z","datePublished":"2025-07-24T17:11:14.714Z","dateUpdated":"2026-05-28T19:50:20.274Z"},"containers":{"cna":{"providerMetadata":{"orgId":"7e40ea87-bc65-4944-9723-dd79dd760601","shortName":"autodesk","dateUpdated":"2026-05-28T19:50:20.274Z"},"title":"Privilege Ecalation due to Untrusted Search Path Vulnerability","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-426","description":"CWE-426 Untrusted Search Path","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-38","descriptions":[{"lang":"en","value":"CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}],"affected":[{"vendor":"Autodesk","product":"AutoCAD","versions":[{"status":"affected","version":"2026","lessThan":"2026.1","versionType":"custom"}],"defaultStatus":"unaffected","cpes":["cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*"]},{"vendor":"Autodesk","product":"AutoCAD LT","versions":[{"status":"affected","version":"2026","lessThan":"2026.1","versionType":"custom"}],"defaultStatus":"unaffected","cpes":["cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:*"]},{"vendor":"Autodesk","product":"RealDWG","versions":[{"status":"affected","version":"2026","lessThan":"2026.0.2","versionType":"custom"}],"defaultStatus":"unaffected","cpes":["cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"]},{"vendor":"Autodesk","product":"3ds Max","versions":[{"status":"affected","version":"2027","lessThan":"2027.1","versionType":"custom"},{"status":"affected","version":"2026","lessThan":"2026.3.3","versionType":"custom"}],"defaultStatus":"unaffected","cpes":["cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*","cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.","supportingMedia":[{"type":"text/html","base64":false,"value":"A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.<br>"}]}],"references":[{"url":"https://www.autodesk.com/products/autodesk-access/overview","tags":["patch"]},{"url":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014","tags":["vendor-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.8,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-5039","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-07-25T03:55:31.845753Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:15.076Z"}}]}}