A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized.
History

Tue, 26 Aug 2025 17:30:00 +0000

Type Values Removed Values Added
References

Tue, 26 Aug 2025 17:00:00 +0000

Type Values Removed Values Added
References

Thu, 08 May 2025 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*

Mon, 09 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Autodesk
Autodesk revit
CPEs cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk revit
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Dec 2024 18:00:00 +0000

Type Values Removed Values Added
Description A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized.
Title Untrusted Search Path vulnerability in Autodesk Revit
Weaknesses CWE-426
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2025-08-28T14:35:08.803Z

Reserved: 2024-11-19T20:14:29.710Z

Link: CVE-2024-11454

Vulnrichment

Updated: 2024-12-09T18:07:31.165Z

NVD

Status: Modified

Published: 2024-12-09T18:15:22.400

Modified: 2025-08-26T17:15:33.900

Link: CVE-2024-11454

Redhat

No data.

OpenCVE Enrichment

No data.