CVE-2025-11797 is a Use-After-Free vulnerability classified under CWE-416 found in Autodesk 3ds Max 2026. The flaw arises when the software parses a specially crafted DWG file, leading to improper memory management where freed memory is accessed again. This memory corruption can be exploited by an attacker to cause a denial of service (application crash), leak sensitive information from memory, or execute arbitrary code with the privileges of the running process. The vulnerability requires the victim to open or otherwise process a malicious DWG file, implying user interaction is necessary. No privileges are required to trigger the flaw, but the attacker must have local access or deliver the malicious file through social engineering or compromised file sharing. The CVSS v3.1 score is 7.8 (high), reflecting the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no privileges required. Although no known exploits are publicly reported, the vulnerability poses a significant risk due to the widespread use of Autodesk 3ds Max in professional design and modeling environments. The absence of a patch at the time of disclosure increases the urgency for defensive measures. The vulnerability affects version 2026 specifically, indicating it is a recent introduction or regression. Attackers could leverage this to compromise workstations, steal intellectual property, or disrupt critical design workflows.

For European organizations, the impact of CVE-2025-11797 can be substantial, especially in sectors relying heavily on Autodesk 3ds Max such as architecture, engineering, construction, media production, and manufacturing design. Exploitation could lead to unauthorized disclosure of sensitive design data, intellectual property theft, or disruption of critical design and modeling operations. This could result in financial losses, reputational damage, and delays in project delivery. The ability to execute arbitrary code also raises the risk of broader network compromise if attackers pivot from the affected host. Given the high confidentiality and integrity impact, organizations handling sensitive or proprietary designs are particularly vulnerable. The requirement for user interaction means phishing or social engineering campaigns could be used to deliver the malicious DWG files, increasing the attack surface. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits rapidly after disclosure.

1. Apply official patches from Autodesk as soon as they become available to remediate the vulnerability. 2. Until patches are released, restrict the opening of DWG files from untrusted or unknown sources. Implement strict file validation and scanning for malicious content. 3. Employ application whitelisting and sandboxing to limit the impact of potential exploitation and prevent unauthorized code execution. 4. Educate users on the risks of opening unsolicited or suspicious DWG files, emphasizing caution with email attachments and file downloads. 5. Monitor Autodesk 3ds Max processes for abnormal behavior such as crashes or unexpected network activity that could indicate exploitation attempts. 6. Use endpoint detection and response (EDR) tools to detect and respond to suspicious activities related to this vulnerability. 7. Limit user privileges on workstations running 3ds Max to reduce the potential impact of code execution. 8. Maintain regular backups of critical design files to mitigate data loss from crashes or attacks.