CVE-2025-1659 DWFX File Parsing Out-of-Bounds Read Vulnerability

🗓️ 01 Apr 2025 12:28:06Reported by autodeskType

Out-of-Bounds Read vulnerability in DWFX files parsed by Autodesk Navisworks can expose sensitive data.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2025-1659	1 Apr 202513:15	–	attackerkb
Tenable Nessus	Autodesk Navisworks Freedom 25.0.x < 2025.5 Multiple Vulnerabilities (adsk-sa-2025-0002)	10 Apr 202500:00	–	nessus
Tenable Nessus	Autodesk Navisworks Manage 25.0.x < 2025.5 Multiple Vulnerabilities (adsk-sa-2025-0002)	10 Apr 202500:00	–	nessus
Tenable Nessus	Autodesk Navisworks Simulate 25.0.x < 2025.5 Multiple Vulnerabilities (adsk-sa-2025-0002)	10 Apr 202500:00	–	nessus
BDU FSTEC	The vulnerability of the DWFX software file used for viewing 3D models and project documents in Autodesk Navisworks Freedom; the software for modeling and analyzing 3D models in Autodesk Navisworks Simulate; and the software for analyzing, coordinating, and verifying 3D models and project data in Autodesk Navisworks Manage, allows a malicious individual to execute arbitrary code.	9 Jul 202500:00	–	bdu_fstec
Circl	CVE-2025-1659	1 Apr 202513:05	–	circl
CNNVD	Autodesk Navisworks 缓冲区错误漏洞	1 Apr 202500:00	–	cnnvd
CVE	CVE-2025-1659	1 Apr 202512:28	–	cve
EUVD	EUVD-2025-9306	3 Oct 202520:07	–	euvd
NVD	CVE-2025-1659	1 Apr 202513:15	–	nvd

[
  {
    "cpes": [
      "cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Navisworks Freedom",
    "vendor": "Autodesk",
    "versions": [
      {
        "lessThan": "2025.5",
        "status": "affected",
        "version": "2025",
        "versionType": "custom"
      }
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Navisworks Simulate",
    "vendor": "Autodesk",
    "versions": [
      {
        "lessThan": "2025.5",
        "status": "affected",
        "version": "2025",
        "versionType": "custom"
      }
    ]
  },
  {
    "cpes": [
      "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Navisworks Manage",
    "vendor": "Autodesk",
    "versions": [
      {
        "lessThan": "2025.5",
        "status": "affected",
        "version": "2025",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
autodesk	www.autodesk.com/products/autodesk-access/overview
autodesk	www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002

19 Aug 2025 13:13Current

CVSS 3.17.8

EPSS0.00255

CWE-125