Privilege Ecalation due to Untrusted Search Path Vulnerability_CVE-2025-5039

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

Basic Information

ID CVE-2025-5039

Source autodesk

Published Jul 24, 2025 at 17:11

Modified Jul 25, 2025 at 03:55

Affected Product

Vendor Autodesk

Product RealDWG

Version 2026

Affected Versions Autodesk RealDWG 2026

CWE Classification

CWE-426

References

www.autodesk.com /trust/security-advisories/adsk-sa-2025-0014

{
    "lastseen": "",
    "description": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.",
    "published": "2025-07-24T17:11:14.714Z",
    "modified": "2025-07-25T03:55:30.703Z",
    "type": "cve",
    "title": "Privilege Ecalation due to Untrusted Search Path Vulnerability",
    "source": "autodesk",
    "references": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014",
    "id": "CVE-2025-5039",
    "bulletinFamily": "",
    "cwe": [
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "Autodesk RealDWG 2026",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RealDWG",
    "version": "2026",
    "vendor": "Autodesk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}