{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1274", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "state": "PUBLISHED", "assignerShortName": "autodesk", "dateReserved": "2025-02-13T15:16:29.531Z", "datePublished": "2025-04-15T20:58:04.157Z", "dateUpdated": "2025-08-19T12:47:32.541Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Revit", "vendor": "Autodesk", "versions": [{"lessThan": "2025.4.1", "status": "affected", "version": "2025", "versionType": "custom"}, {"lessThan": "2024.3.2", "status": "affected", "version": "2024", "versionType": "custom"}, {"lessThan": "2023.1.7", "status": "affected", "version": "2023", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.<br>"}], "value": "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-Bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2025-08-19T12:47:32.541Z"}, "references": [{"tags": ["patch"], "url": "https://www.autodesk.com/products/autodesk-access/overview"}, {"tags": ["vendor-advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007"}], "source": {"discovery": "EXTERNAL"}, "title": "RCS File Parsing Out-of-Bounds Write Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-1274"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-18T03:55:38.039Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1274", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-16T13:42:31.830845Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T13:42:41.461Z"}}], "cna": {"title": "RCS File Parsing Out-of-Bounds Write Vulnerability", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*"], "vendor": "Autodesk", "product": "Revit", "versions": [{"status": "affected", "version": "2025", "lessThan": "2025.4.1", "versionType": "custom"}, {"status": "affected", "version": "2024", "lessThan": "2024.3.2", "versionType": "custom"}, {"status": "affected", "version": "2023", "lessThan": "2023.1.7", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.autodesk.com/products/autodesk-access/overview", "tags": ["patch"]}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", "supportingMedia": [{"type": "text/html", "value": "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-Bounds Write"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2025-08-19T12:47:32.541Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1274", "state": "PUBLISHED", "dateUpdated": "2025-08-19T12:47:32.541Z", "dateReserved": "2025-02-13T15:16:29.531Z", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "datePublished": "2025-04-15T20:58:04.157Z", "assignerShortName": "autodesk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EA52EB6-C7F7-4CAF-9932-6E434F6AF08F", "versionEndExcluding": "2023.1.7", "versionStartIncluding": "2023", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F61D5DA-0CBA-4A14-8CD4-154FFE14E70C", "versionEndExcluding": "2024.3.2", "versionStartIncluding": "2024", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", "matchCriteriaId": "4229BAB4-AE43-43E3-89ED-1E19445482E1", "versionEndExcluding": "2025.4.1", "versionStartIncluding": "2025", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."}, {"lang": "es", "value": "Un archivo RCS manipulado con fines maliciosos, al analizarse mediante Autodesk Revit, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."}], "id": "CVE-2025-1274", "lastModified": "2025-08-19T13:15:39.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@autodesk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-15T21:15:47.083", "references": [{"source": "psirt@autodesk.com", "url": "https://www.autodesk.com/products/autodesk-access/overview"}, {"source": "psirt@autodesk.com", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "psirt@autodesk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}