CVE-2022-25791

EUVD-2022-30431
A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
autodeskadvance_steel
2019 ≤
𝑥
< 2019.1.4
autodeskadvance_steel
2020 ≤
𝑥
< 2020.1.5
autodeskadvance_steel
2021 ≤
𝑥
< 2021.1.2
autodeskadvance_steel
2022 ≤
𝑥
< 2022.1.2
autodeskautocad
2019 ≤
𝑥
< 2019.1.4
autodeskautocad
2020 ≤
𝑥
< 2020.1.5
autodeskautocad
2021 ≤
𝑥
< 2021.1.2
autodeskautocad
2022 ≤
𝑥
< 2022.1.2
autodeskautocad
2022 ≤
𝑥
< 2022.2.2
autodeskautocad_architecture
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_architecture
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_architecture
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_architecture
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_electrical
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_electrical
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_electrical
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_electrical
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_lt
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_lt
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_lt
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_lt
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_map_3d
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_map_3d
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_map_3d
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_map_3d
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_mechanical
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_mechanical
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_mechanical
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_mechanical
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_mep
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_mep
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_mep
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_mep
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_plant_3d
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_plant_3d
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_plant_3d
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_plant_3d
2022 ≤
𝑥
< 2022.1.2
autodeskcivil_3d
2019 ≤
𝑥
< 2019.1.4
autodeskcivil_3d
2020 ≤
𝑥
< 2020.1.5
autodeskcivil_3d
2021 ≤
𝑥
< 2021.1.2
autodeskcivil_3d
2022 ≤
𝑥
< 2022.1.2
autodesknavisworks
2022 ≤
𝑥
< 2022.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005