CVE-2025-5335
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-11-13
Assigner: Autodesk
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| autodesk | installer | to 2.15 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5335 is a high-severity privilege escalation vulnerability in Autodesk Installer versions 2.13 and earlier. It occurs because the installer uses an untrusted search path, allowing a maliciously crafted binary file, when downloaded and executed, to escalate privileges to NT AUTHORITY/SYSTEM. This means an attacker can execute arbitrary code with elevated system privileges. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to gain system-level privileges (NT AUTHORITY/SYSTEM) on your machine, leading to arbitrary code execution with full control over the system. This can compromise the confidentiality, integrity, and availability of your system and data. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Autodesk Installer to version 2.15 or later, as this version includes the fix for the untrusted search path issue. Additionally, ensure that files are only opened from trusted sources to reduce the risk of executing malicious binaries. There is no need to uninstall or reinstall Autodesk products to apply the fix. [1]