PDF File Parsing Heap-Based Buffer Overflow Vulnerability_CVE-2025-8894

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Basic Information

ID CVE-2025-8894

Source autodesk

Published Sep 16, 2025 at 14:19

Modified Sep 16, 2025 at 14:40

Affected Product

Vendor Autodesk

Product Revit

Version 2026

Affected Versions Autodesk Revit 2026
Autodesk Revit 2025
Autodesk AutoCAD 2026
Autodesk AutoCAD 2025
Autodesk AutoCAD LT 2026
Autodesk AutoCAD LT 2025
Autodesk AutoCAD Architecture 2026
Autodesk AutoCAD Architecture 2025
Autodesk AutoCAD Electrical 2026
Autodesk AutoCAD Electrical 2025
Autodesk AutoCAD Mechanical 2026
Autodesk AutoCAD Mechanical 2025
Autodesk AutoCAD MEP 2026
Autodesk AutoCAD MEP 2025
Autodesk AutoCAD Plant 3D 2026
Autodesk AutoCAD Plant 3D 2025
Autodesk AutoCAD MAP 3D 2026
Autodesk AutoCAD MAP 3D 2025
Autodesk Civil 3D 2026
Autodesk Civil 3D 2025
Autodesk Advance Steel 2026
Autodesk Advance Steel 2025

CWE Classification

CWE-122

References

{
    "lastseen": "",
    "description": "A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.",
    "published": "2025-09-16T14:19:30.719Z",
    "modified": "2025-09-16T14:40:37.110Z",
    "type": "cve",
    "title": "PDF File Parsing Heap-Based Buffer Overflow Vulnerability",
    "source": "autodesk",
    "references": "https://www.autodesk.com/products/autodesk-access/overview\nhttps://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0018",
    "id": "CVE-2025-8894",
    "bulletinFamily": "",
    "cwe": [
        "CWE-122"
    ],
    "cvelist": null,
    "sourceData": "Autodesk Revit 2026\nAutodesk Revit 2025\nAutodesk AutoCAD 2026\nAutodesk AutoCAD 2025\nAutodesk AutoCAD LT 2026\nAutodesk AutoCAD LT 2025\nAutodesk AutoCAD Architecture 2026\nAutodesk AutoCAD Architecture 2025\nAutodesk AutoCAD Electrical 2026\nAutodesk AutoCAD Electrical 2025\nAutodesk AutoCAD Mechanical 2026\nAutodesk AutoCAD Mechanical 2025\nAutodesk AutoCAD MEP 2026\nAutodesk AutoCAD MEP 2025\nAutodesk AutoCAD Plant 3D 2026\nAutodesk AutoCAD Plant 3D 2025\nAutodesk AutoCAD MAP 3D 2026\nAutodesk AutoCAD MAP 3D 2025\nAutodesk Civil 3D 2026\nAutodesk Civil 3D 2025\nAutodesk Advance Steel 2026\nAutodesk Advance Steel 2025",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Revit",
    "version": "2026",
    "vendor": "Autodesk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}