CVE-2025-10886
HIGHDescription
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Is your site exposed to CVE-2025-10886?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| autodesk | shared_components |
| autodesk | 3ds_max |
| autodesk | advance_steel |
| autodesk | autocad |
| autodesk | autocad_architecture |
| autodesk | autocad_electrical |
| autodesk | autocad_map_3d |
| autodesk | autocad_mechanical |
| autodesk | autocad_mep |
| autodesk | autocad_plant_3d |
| autodesk | civil_3d |
| autodesk | infraworks |
| autodesk | inventor |
| autodesk | revit |
| autodesk | revit_lt |
| autodesk | vault |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-10886? +
How severe is CVE-2025-10886? +
What products are affected by CVE-2025-10886? +
How do I check if I'm vulnerable to CVE-2025-10886? +
Related Vulnerabilities
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain …
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM …
An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and …
The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” …
A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality …
Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer …