Home

Description

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

PUBLISHED Reserved 2025-07-30 | Published 2025-09-23 | Updated 2025-10-06 | Assigner autodesk




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-843 Type Confusion

Product status

Default status
unaffected

2026 (custom) before 2026.3
affected

2024 (custom) before 2024.3.4
affected

Default status
unaffected

2026 (custom) before 2026.3
affected

2024 (custom) before 2024.3.4
affected

References

www.autodesk.com/products/autodesk-access/overview patch

www.autodesk.com/trust/security-advisories/adsk-sa-2025-0021 vendor-advisory

cve.org (CVE-2025-8354)

nvd.nist.gov (CVE-2025-8354)

Download JSON