
CVE-2025-10244: CWE-79 Cross-Site Scripting (XSS) - Stored in Autodesk Fusion

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-10244, cwe-79
Published: Tue Sep 23 2025 (09/23/2025, 11:31:27 UTC)
Source: CVE Database V5
Vendor/Project: Autodesk
Product: Fusion

Description

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

AI-Powered Analysis

Last updated: 10/01/2025, 00:50:06 UTC

Technical Analysis

CVE-2025-10244 is a high-severity stored Cross-Site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application, version 2602.1.25. It arises when a maliciously crafted HTML payload is stored and later rendered by the application, allowing an attacker to execute arbitrary code or read local files in the context of the current process. The vulnerability is classified under CWE-79 (improper neutralization of input during web page generation). The CVSS v3.1 score of 8.7 reflects a high impact: network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), user interaction required (UI:R), and a scope change (S:C). The impact on confidentiality and integrity is high; availability is not affected. Exploitation requires the attacker to hold some level of privileges on the system and to get the user to interact with the malicious payload, which could be embedded in shared project files or collaboration features within Autodesk Fusion. No exploits are currently reported in the wild, but the vulnerability poses a significant risk because arbitrary code execution can lead to local system compromise or data exfiltration. No patch was available at the time of publication, so users and administrators of Autodesk Fusion need to act immediately to mitigate potential exploitation.
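The defect class described above (CWE-79 in a desktop application) comes down to handing stored, attacker-controlled HTML straight to an embedded renderer. The following is an added defensive example, not Autodesk's code and not part of this advisory: an allowlist sanitizer that rebuilds untrusted markup so that scripts, event-handler attributes, style, and non-http(s) URLs never reach the renderer, and that returns an audit trail of what it removed. The tag and attribute allowlists, the constructed sample payloads, and the function names are my own choices.

```python
"""Allowlist HTML sanitizer for untrusted markup bound for an embedded web view.

Constructed example (not Autodesk code). Everything not explicitly allowed is
dropped; the content of script-like elements is dropped as well, not just the
tags; text is re-escaped so decoded entities cannot smuggle markup back in.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags that may appear in rendered output (everything else is removed).
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "u", "h1", "h2", "h3", "ul",
                "ol", "li", "table", "tr", "th", "td", "a", "img", "code", "pre"}
VOID_TAGS = {"br", "img"}
# Per-tag attribute allowlist: no on* handlers, no style, nothing else.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https"}  # blocks javascript:, data:, file:, vbscript: ...
# Elements whose *content* must be discarded too, not only the tag.
CONTENT_DROP_TAGS = {"script", "style", "iframe", "object", "embed", "svg", "math", "template"}


def _safe_url(value: str) -> bool:
    # Require an absolute http(s) URL: a relative URL could resolve against a
    # file:// base inside a desktop web view, which is exactly the local-file read risk.
    return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES


class _AllowlistSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.dropped: list[str] = []   # audit trail of removed tags/attributes/text
        self._open: list[str] = []     # allowed non-void tags currently open
        self._suppress = 0             # >0 while inside a CONTENT_DROP_TAGS element

    def handle_starttag(self, tag, attrs):
        if tag in CONTENT_DROP_TAGS:
            self._suppress += 1
            self.dropped.append(f"tag:{tag}")
            return
        if self._suppress:
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"tag:{tag}")
            return  # tag removed, its text content is still rendered
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                self.dropped.append(f"attr:{tag}.{name}")
                continue
            if name in URL_ATTRS and not _safe_url(value):
                self.dropped.append(f"url:{tag}.{name}={value.strip()[:40]}")
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self._open.append(tag)

    def handle_endtag(self, tag):
        if tag in CONTENT_DROP_TAGS:
            self._suppress = max(0, self._suppress - 1)
            return
        if self._suppress or tag not in self._open:
            return
        # Close everything opened after this tag so the output stays well-formed.
        while self._open:
            closed = self._open.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if self._suppress:
            self.dropped.append(f"text:{data.strip()[:40]}")
            return
        self.out.append(escape(data, quote=False))  # re-escape decoded entities

    def close(self):
        super().close()
        while self._open:  # close any tags the payload left open
            self.out.append(f"</{self._open.pop()}>")


def sanitize_html(untrusted: str) -> tuple[str, list[str]]:
    """Return (safe_markup, dropped_items) for attacker-controlled HTML."""
    parser = _AllowlistSanitizer()
    parser.feed(untrusted)
    parser.close()
    return "".join(parser.out), parser.dropped


if __name__ == "__main__":
    # Constructed sample payload, the kind of thing a stored-XSS test would use.
    clean, dropped = sanitize_html('<p onclick="alert(1)">Hi <b>team</b></p><script>alert(1)</script>')
    print(clean)    # <p>Hi <b>team</b></p>
    print(dropped)  # ['attr:p.onclick', 'tag:script', 'text:alert(1)']
```

The `dropped` list is worth logging: a sudden spike of removed `script` tags or `javascript:` URLs in imported project data is itself a detection signal, which ties this in with the monitoring recommendation further down.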

Potential Impact

For European organizations, especially those in engineering, manufacturing, and design sectors relying on Autodesk Fusion for CAD and collaborative projects, this vulnerability could lead to unauthorized access to sensitive design files and intellectual property. The ability to execute arbitrary code could allow attackers to move laterally within corporate networks, escalate privileges, or implant persistent malware. Given the collaborative nature of Autodesk Fusion, malicious payloads could propagate through shared files or project repositories, increasing the attack surface. The confidentiality breach could result in loss of competitive advantage and regulatory non-compliance, particularly under GDPR if personal data is involved. The integrity of design data could be compromised, leading to flawed products or safety risks. While availability is not directly impacted, the indirect consequences of exploitation could disrupt business operations and damage reputation.

Mitigation Recommendations

1. Immediately restrict Autodesk Fusion usage to trusted users and networks until a patch is available.
2. Implement strict input validation and sanitization on any data imported into Autodesk Fusion, especially from external collaborators.
3. Employ application whitelisting and endpoint protection solutions capable of detecting anomalous code execution within Autodesk Fusion processes.
4. Educate users about the risks of interacting with untrusted files or links within the application to reduce the risk of triggering the vulnerability.
5. Monitor network and host logs for unusual activity related to Autodesk Fusion processes, including unexpected file reads or code execution attempts.
6. Coordinate with Autodesk for timely updates and apply patches as soon as they are released.
7. Consider isolating Autodesk Fusion environments using virtualization or containerization to limit potential damage from exploitation.
8. Review and tighten access controls and privileges for users of Autodesk Fusion to minimize the impact of compromised accounts.
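Recommendations 3 and 5 above (detect anomalous code execution, monitor host logs for Fusion processes) can be turned into a concrete host-level check. The following is an added example, not from this advisory and not Autodesk tooling: it parses constructed process-creation records and flags cases where the Fusion process spawns a shell, script host or similar utility, which is how renderer-level XSS that reaches OS-level code execution would typically surface. The Fusion executable name `fusion360.exe` is an assumption to be verified against the actual deployment, the pipe-delimited log format and the sample lines are constructed, and the list of child executables is my own choice.

```python
"""Flag code-execution children of the Autodesk Fusion process in process-creation events.

Constructed example (not from the advisory, not Autodesk tooling). The log format
is a simplified pipe-delimited form of what a Sysmon/EDR process-creation event
carries: timestamp|user|parent_image|image|command_line.
"""
from dataclasses import dataclass
from typing import Iterable

# Assumed executable name of the Fusion desktop process; verify on your own hosts.
FUSION_IMAGE = "fusion360.exe"

# Shells, script hosts and dual-use utilities a CAD application has no reason to launch.
CODE_EXEC_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}


@dataclass(frozen=True)
class ProcEvent:
    ts: str
    user: str
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Case-folded file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_events(text: str) -> list[ProcEvent]:
    """Parse pipe-delimited lines; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 4)
        if len(parts) != 5:
            continue
        events.append(ProcEvent(*parts))
    return events


def find_suspicious_children(events: Iterable[ProcEvent],
                             fusion_image: str = FUSION_IMAGE) -> list[dict]:
    """Return one alert per event where the Fusion process spawned a code-execution child."""
    alerts = []
    for ev in events:
        if basename(ev.parent_image) != fusion_image:
            continue
        child = basename(ev.image)
        if child in CODE_EXEC_CHILDREN:
            alerts.append({"ts": ev.ts, "user": ev.user,
                           "child": child, "command_line": ev.command_line})
    return alerts


# Constructed sample records. Line 1 is the application's own renderer child
# process (benign multi-process pattern); line 3 is a shell from Explorer, not Fusion.
SAMPLE_EVENTS = r"""
2025-09-24T09:12:01Z|CORP\jdoe|C:\Program Files\Autodesk\Fusion\Fusion360.exe|C:\Program Files\Autodesk\Fusion\Fusion360.exe|Fusion360.exe --type=renderer
2025-09-24T09:12:07Z|CORP\jdoe|C:\Program Files\Autodesk\Fusion\Fusion360.exe|C:\Windows\System32\cmd.exe|cmd.exe /c whoami
2025-09-24T09:13:44Z|CORP\jdoe|C:\Windows\explorer.exe|C:\Windows\System32\cmd.exe|cmd.exe
2025-09-24T09:15:02Z|CORP\asmith|C:\Program Files\Autodesk\Fusion\Fusion360.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -NoProfile -File C:\Users\asmith\AppData\Local\Temp\update.ps1
"""


if __name__ == "__main__":
    for alert in find_suspicious_children(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {alert['ts']} {alert['user']}: {FUSION_IMAGE} spawned "
              f"{alert['child']}: {alert['command_line']}")
```

Two of the four sample lines trigger an alert (the `cmd.exe` and `powershell.exe` children of Fusion); the renderer child and the Explorer-launched shell do not. In a real deployment the parent-image match should use the full install path rather than a bare file name, and the rule belongs next to an allowlist of legitimate helper processes the application is known to spawn.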


Technical Details

Data Version
5.1
Assigner Short Name
autodesk
Date Reserved
2025-09-10T18:15:02.692Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68d336ac712f26b964ce8e70

Added to database: 9/24/2025, 12:09:16 AM

Last enriched: 10/1/2025, 12:50:06 AM

Last updated: 10/7/2025, 1:50:40 PM

