Cyber Resilience

CVE-2023-25004

High

Published: 27 June 2023

Modified: 21 November 2024
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (28.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-25004 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Autodesk AutoCAD. Its CVSS base score is 7.8 (High).

Operationally, it is ranked at the 28.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

autodesk alias: 2023 — 2023.1.1
autodesk autocad: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk autocad advance steel: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk autocad architecture: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk autocad civil 3d: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk autocad electrical: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk autocad lt: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk autocad map 3d: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk autocad mechanical: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
autodesk autocad mep: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
+7 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
