CVE-2025-9452: CWE-787 Out-of-bounds Write in Autodesk Shared Components
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
AI Analysis
Technical Summary
CVE-2025-9452 is an out-of-bounds write vulnerability categorized under CWE-787 affecting Autodesk Shared Components version 2026.0. The vulnerability arises when the software parses a maliciously crafted SLDPRT file, which is a proprietary file format used by Autodesk for 3D part models. The out-of-bounds write leads to memory corruption, which can be exploited by an attacker to execute arbitrary code with the privileges of the current process. The attack vector requires the victim to open or process the malicious SLDPRT file, implying user interaction is necessary. The CVSS v3.1 score of 7.8 reflects high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The impact covers confidentiality, integrity, and availability, as arbitrary code execution can lead to data theft, system manipulation, or denial of service. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be considered a significant risk for Autodesk users. The vulnerability affects the shared components used across multiple Autodesk products, potentially broadening the attack surface within affected environments.
Potential Impact
The vulnerability allows attackers to execute arbitrary code, which can compromise the confidentiality, integrity, and availability of systems running Autodesk Shared Components 2026.0. Organizations using Autodesk CAD software in critical design and manufacturing workflows could face intellectual property theft, sabotage of design files, or disruption of operations. Since the vulnerability requires user interaction to open a malicious file, phishing or social engineering could be used to deliver the payload. The broad use of Autodesk products in engineering, architecture, and manufacturing sectors means that exploitation could have cascading effects on supply chains and product development lifecycles. Additionally, compromised systems could be leveraged as footholds for further network intrusion or lateral movement within enterprise environments. The absence of known exploits currently provides a window for proactive mitigation, but the public disclosure increases the risk of future exploitation attempts.
Mitigation Recommendations
Organizations should implement strict controls on the handling and opening of SLDPRT files, especially those received from untrusted or external sources. Employ sandboxing or isolated environments for opening such files to limit potential damage. Monitor and restrict user permissions to minimize the impact of arbitrary code execution. Use endpoint detection and response (EDR) tools to detect anomalous behavior indicative of exploitation attempts. Autodesk users should stay informed about official patches or updates and apply them promptly once available. Network segmentation can reduce the risk of lateral movement if a system is compromised. Additionally, educating users about the risks of opening unsolicited or suspicious CAD files can reduce the likelihood of successful exploitation. Consider implementing file integrity monitoring and application whitelisting to prevent unauthorized code execution.
Affected Countries
United States, Germany, Japan, South Korea, China, United Kingdom, France, Canada, Italy, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: autodesk
- Date Reserved: 2025-08-25T14:12:49.013Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69409d9ed9bcdf3f3d09c749
Added to database: 12/15/2025, 11:45:34 PM
Last enriched: 2/27/2026, 6:59:34 AM
Last updated: 3/24/2026, 3:56:24 AM