CVE-2025-5039

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

Published: Jul 24, 2025
Updated: Jul 25, 2025
CVE: CVE-2025-5039
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
autodesk / infrastructure_parts_editor	2026	2026.0.2
autodesk / inventor	2026	2026.0.2
autodesk / navisworks_manage	2026	2026.0.2
autodesk / navisworks_simulate	2026	2026.0.2
autodesk / revit	2026	2026.0.2
autodesk / vault	2026	2026.0.2

https://www.autodesk.com/products/autodesk-access/overview
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014

Vulnerability Database

CVE-2025-5039