CVE-2025-5040 RTE File Parsing Heap-Based Overflow Vulnerability

🗓️ 10 Jul 2025 11:31:19Reported by autodeskType

Malicious RTE file parsing in Autodesk Revit causes heap overflow enabling crashes and code execution.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2025-5040	10 Jul 202511:31	–	attackerkb
Tenable Nessus	Autodesk Revit 2023.x < 2023.1.8 / 2024.x < 2024.3.3 / 2025.x < 2025.4.2 / 2026.x < 2026.2 Mutliple Vulnerabilities (ADSK-SA-2025-0012)	17 Jul 202500:00	–	nessus
Circl	CVE-2025-5040	15 Jul 202503:00	–	circl
CNNVD	Autodesk Revit 安全漏洞	10 Jul 202500:00	–	cnnvd
CVE	CVE-2025-5040	10 Jul 202511:31	–	cve
EUVD	EUVD-2025-20991	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5040	10 Jul 202512:15	–	nvd
OSV	CVE-2025-5040	10 Jul 202512:15	–	osv
Positive Technologies	PT-2025-29080 · Autodesk · Autodesk Revit	10 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5040	12 Jul 202512:23	–	redhatcve

[
  {
    "cpes": [
      "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
      "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*",
      "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*",
      "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Revit",
    "vendor": "Autodesk",
    "versions": [
      {
        "lessThan": "2026.2",
        "status": "affected",
        "version": "2026",
        "versionType": "custom"
      },
      {
        "lessThan": "2025.4.2",
        "status": "affected",
        "version": "2025",
        "versionType": "custom"
      },
      {
        "lessThan": "2024.3.3",
        "status": "affected",
        "version": "2024",
        "versionType": "custom"
      },
      {
        "lessThan": "2023.1.8",
        "status": "affected",
        "version": "2023",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
autodesk	www.autodesk.com/trust/security-advisories/adsk-sa-2025-0012
autodesk	www.autodesk.com/products/autodesk-access/overview

19 Aug 2025 13:17Current

CVSS 3.17.8

EPSS0.0014

CWE-122

cve-2025-5040 autodesk revit rte file vulnerability heap overflow code execution