Cyber Resilience

CVE-2025-5039

High · LPE

Published: 24 July 2025

Modified: 19 August 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (33.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-5039 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Autodesk Infrastructure Parts Editor. Its CVSS base score is 7.8 (High).

Operationally, it ranks at the 33.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

autodesk · infrastructure parts editor · 2026 — 2026.0.2
autodesk · inventor · 2026 — 2026.0.2
autodesk · navisworks manage · 2026 — 2026.0.2
autodesk · navisworks simulate · 2026 — 2026.0.2
autodesk · revit · 2026 — 2026.0.2
autodesk · vault · 2026 — 2026.0.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
