Every CVE whose affected-product data names Autodesk Revit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2025-8893 — CVSS 7.8 (high): A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious…
CVE-2025-8894 — CVSS 7.8 (high): A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious…
CVE-2021-40161 — CVSS 7.8 (high): A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7…
CVE-2021-40162 — CVSS 7.8 (high): A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries…
CVE-2021-40163 — CVSS 7.8 (high): A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing…
CVE-2021-40164 — CVSS 7.8 (high): A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute…
CVE-2021-40165 — CVSS 7.8 (high): A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer…
CVE-2021-40166 — CVSS 7.8 (high): A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed…
CVE-2022-27871 — CVSS 7.8 (high): Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write…
CVE-2023-25002 — CVSS 7.8 (high): A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may…
CVE-2023-25003 — CVSS 7.8 (high): A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read…
CVE-2023-25004 — CVSS 7.8 (high): A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these…
CVE-2023-29068 — CVSS 7.8 (high): A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in…
CVE-2021-40160 — CVSS 7.8 (high): PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This…
CVE-2024-11454 — CVSS 7.8 (high): A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary…
CVE-2024-11608 — CVSS 7.8 (high): A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor…
CVE-2024-37008 — CVSS 7.8 (high): A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this…
CVE-2024-7993 — CVSS 7.8 (high): A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may…
CVE-2024-7994 — CVSS 7.8 (high): A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage…
CVE-2025-1273 — CVSS 7.8 (high): A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A…
CVE-2025-1274 — CVSS 7.8 (high): A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may…
CVE-2025-1275 — CVSS 7.8 (high): A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability…
CVE-2025-1276 — CVSS 7.8 (high): A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A…
CVE-2025-1277 — CVSS 7.8 (high): A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor…
CVE-2025-1656 — CVSS 7.8 (high): A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A…
CVE-2025-2497 — CVSS 7.8 (high): A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious…
CVE-2025-5036 — CVSS 7.8 (high): A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor…
CVE-2025-5037 — CVSS 7.8 (high): A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious…
CVE-2025-5039 — CVSS 7.8 (high): A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary…
CVE-2025-5040 — CVSS 7.8 (high): A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can…
CVE-2025-5042 — CVSS 7.8 (high): A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can…
CVE-2025-8354 — CVSS 7.8 (high): A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may…
CVE-2026-1288 — CVSS 5.5 (medium): A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer…
CVE-2024-11268 — CVSS 5.5 (medium): A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this…
CVE-2005-4710 — CVSS 4.6 (medium): Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to…