anonhaven
Ad

CVE-2025-10885

HIGH CVSS 3.1: 7.8 EPSS 0.03%
Updated Nov 12, 2025
Autodesk
Parameter Value
CVSS 7.8 (HIGH)
Affected Versions before 2.19
Fixed In 2.19
Type CWE-250
Vendor Autodesk
Public PoC No

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-250

Vulnerable Products 1

autodesk:installer

Known Affected Software Configurations 1

Configuration From (including) Up to (excluding)
Autodesk Installer
cpe:2.3:a:autodesk:installer:*:*:*:*:*:*:*:*
 2.19

References 2

https://emsfs.autodesk.com/utility/odis/1/installer/latest/AdODIS-installer.exe
psirt@autodesk.com
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0022
psirt@autodesk.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-0536

Autodesk

7.8

CVE-2025-11797

Autodesk

7.8

CVE-2025-11795

Autodesk

7.8

CVE-2025-9458

Autodesk

7.8

CVE-2025-1652

Autodesk

7.8