CVE-2025-4605 | THREATINT

Description

A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.

PUBLISHED Reserved 2025-05-12 | Published 2025-06-11 | Updated 2025-08-19 | Assigner autodesk

MEDIUM: 6.6CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Problem types

CWE-789 Memory Allocation with Excessive Size Value

Product status

Default status

unaffected

Maya USD 0.31.0 (custom) before Maya USD 0.32.0

affected

Default status

unaffected

Max USD 0.10 (custom) before Max USD 0.11

affected

Default status

unaffected

2025 (custom) before 2025.3.1

affected

References

github.com/Autodesk/maya-usd patch

github.com/Autodesk/3dsmax-usd patch

www.autodesk.com/products/autodesk-access/overview patch

www.autodesk.com/trust/security-advisories/adsk-sa-2025-0011 vendor-advisory

cve.org (CVE-2025-4605)

nvd.nist.gov (CVE-2025-4605)

Download JSON