CVE-2023-25003

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
autodeskCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
autodeskalias
2023 ≤
𝑥
< 2023.1.1
autodeskautocad
2020 ≤
𝑥
< 2020.1.6
autodeskautocad
2021 ≤
𝑥
< 2021.1.3
autodeskautocad
2022 ≤
𝑥
< 2022.1.3
autodeskautocad
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_advance_steel
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_advance_steel
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_advance_steel
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_advance_steel
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_architecture
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_architecture
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_architecture
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_architecture
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_civil_3d
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_civil_3d
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_civil_3d
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_civil_3d
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_electrical
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_electrical
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_electrical
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_electrical
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_lt
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_lt
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_lt
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_lt
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_map_3d
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_map_3d
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_map_3d
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_map_3d
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_mechanical
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_mechanical
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_mechanical
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_mechanical
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_mep
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_mep
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_mep
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_mep
2023 ≤
𝑥
< 2023.1.1
autodeskautocad_plant_3d
2020 ≤
𝑥
< 2020.1.6
autodeskautocad_plant_3d
2021 ≤
𝑥
< 2021.1.3
autodeskautocad_plant_3d
2022 ≤
𝑥
< 2022.1.3
autodeskautocad_plant_3d
2023 ≤
𝑥
< 2023.1.1
autodeskinfraworks
2021 ≤
𝑥
< 2021.2
autodeskinfraworks
2022 ≤
𝑥
< 2022.1
autodeskinfraworks
2023 ≤
𝑥
< 2023.1
autodeskinventor
2021 ≤
𝑥
< 2021.5
autodeskinventor
2022 ≤
𝑥
< 2022.4
autodeskinventor
2023 ≤
𝑥
< 2023.3.1
autodeskmaya_usd
2022 ≤
𝑥
< 2022.5
autodeskmaya_usd
2023 ≤
𝑥
< 2023.3
autodesknavisworks
2022 ≤
𝑥
< 2022.4
autodesknavisworks
2023 ≤
𝑥
< 2023.2
autodeskrevit
2021 ≤
𝑥
< 2021.1.8
autodeskvred
2023 ≤
𝑥
< 2023.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009