CVE-2025-6635 is an out-of-bounds read vulnerability classified under CWE-125 affecting Autodesk Shared Components version 2026.2. The vulnerability arises when a specially crafted PRT (part) file is linked or imported into Autodesk products that utilize these shared components. The flaw allows a malicious actor to cause the application to read memory beyond the intended buffer boundaries, which can result in application crashes, leakage of sensitive information, or even arbitrary code execution within the context of the affected process. The vulnerability has a CVSS v3.1 base score of 7.8, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and requiring user interaction (UI:R). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Exploitation requires a user to open or import a malicious PRT file, which means social engineering or insider threat vectors are plausible. Although no public exploits are currently known, the potential for severe impact on confidentiality and system integrity makes this vulnerability critical for organizations using Autodesk products in their workflows. The lack of available patches at the time of publication necessitates immediate attention to mitigation strategies.

The vulnerability can lead to significant impacts including application crashes, which may disrupt business operations relying on Autodesk software. More critically, it can allow attackers to read sensitive data from memory, potentially exposing intellectual property, design files, or credentials. The ability to execute arbitrary code elevates the risk to full system compromise, enabling attackers to install malware, move laterally within networks, or exfiltrate data. Organizations in engineering, manufacturing, architecture, and construction sectors that heavily depend on Autodesk products are particularly vulnerable. The local attack vector and requirement for user interaction limit remote exploitation but do not eliminate risk, especially in environments where untrusted files are frequently exchanged. The absence of known exploits in the wild currently reduces immediate threat but does not preclude future exploitation, especially after public disclosure. Overall, the vulnerability poses a high risk to confidentiality, integrity, and availability of affected systems and data.

1. Immediately monitor Autodesk’s official channels for patches or updates addressing CVE-2025-6635 and apply them as soon as they become available. 2. Until patches are released, restrict the import or linking of PRT files from untrusted or unknown sources. 3. Implement strict file validation and scanning mechanisms to detect malformed or suspicious PRT files before processing. 4. Employ application sandboxing or run Autodesk products with least privilege to limit the impact of potential exploitation. 5. Educate users about the risks of opening files from untrusted sources and enforce policies to reduce social engineering risks. 6. Use endpoint detection and response (EDR) tools to monitor for unusual application behavior or crashes that may indicate exploitation attempts. 7. Consider network segmentation to isolate systems running Autodesk software from critical infrastructure to limit lateral movement if compromise occurs. 8. Maintain regular backups of critical design and project files to enable recovery in case of data corruption or ransomware attacks leveraging this vulnerability.