Home

Description

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

PUBLISHED Reserved 2024-12-04 | Published 2024-12-17 | Updated 2025-08-26 | Assigner autodesk




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
unaffected

2025 (custom) before 2025.4
affected

Default status
unaffected

2025 (custom) before 2025.4
affected

Default status
unaffected

2025 (custom) before 2025.4
affected

References

www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027

cve.org (CVE-2024-12194)

nvd.nist.gov (CVE-2024-12194)

Download JSON