CVE-2024-11454
HighLPE
Published: 09 December 2024
Published
09 December 2024
Modified
26 September 2025
KEV Added
—
Patch
—
CVSS Score v3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.0041
61.8th percentile
Risk Priority
16
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2024-11454 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Autodesk Revit. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 38.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-34396
Vulnerability details
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
autodesk
revit
2025 — 2025.4
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.