CVE-2025-5039

HIGH 7.8

Privilege Ecalation due to Untrusted Search Path Vulnerability

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

CWE	CWE-426
Vendor	autodesk
Product	autocad
Published	Jul 24, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for autodesk autocad

Be the first to know when new high vulnerabilities affecting autodesk autocad are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Autodesk / AutoCAD

2026 < 2026.1

Autodesk / AutoCAD LT

2026 < 2026.1

Autodesk / AutoCAD Architecture

2026 < 2026.1

Autodesk / AutoCAD Electrical

2026 < 2026.1

Autodesk / AutoCAD Mechanical

2026 < 2026.1

Autodesk / AutoCAD MEP

2026 < 2026.1

Autodesk / AutoCAD Plant 3D

2026 < 2026.1

Autodesk / AutoCAD MAP 3D

2026 < 2026.1

Autodesk / Civil 3D

2026 < 2026.1

Autodesk / Advance Steel

2026 < 2026.1

Autodesk / RealDWG

2026 < 2026.0.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

autodesk.com: https://www.autodesk.com/products/autodesk-access/overview autodesk.com: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014