First published: Tue Apr 01 2025(Updated: )
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Credit: psirt@autodesk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Autodesk Navisworks |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-1660 has a high severity rating due to its potential to allow arbitrary code execution.
To fix CVE-2025-1660, ensure that you update Autodesk Navisworks to the latest version provided by the vendor.
CVE-2025-1660 requires a user to open a maliciously crafted DWFX file to be exploited, thus it is not a remote exploit.
The impact of CVE-2025-1660 includes the possibility of memory corruption and the execution of arbitrary code.
Currently, there are no known workarounds for CVE-2025-1660, and it is recommended to apply the security update to mitigate the risk.