CVE-2025-5039
HIGHDescription
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Is your site exposed to CVE-2025-5039?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| autodesk | infrastructure_parts_editor |
| autodesk | inventor |
| autodesk | navisworks_manage |
| autodesk | navisworks_simulate |
| autodesk | revit |
| autodesk | vault |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-5039? +
How severe is CVE-2025-5039? +
What products are affected by CVE-2025-5039? +
How do I check if I'm vulnerable to CVE-2025-5039? +
Related Vulnerabilities
Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges …
Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator …
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to …
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to …
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file …