{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.\r\nAutodesk 3ds Max ist eine 3D-Modellierungs-, Animations- und Rendering-Software.\r\nAutodesk Civil 3D ist eine Software für die Detailplanung und Dokumentation im Tief- und Infrastrukturbau.\r\nAutodesk InfraWorks ist eine Software für die Modellierung und Visualisierung von Infrastrukturprojekten im Kontext der realen Welt.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD, Autodesk 3ds Max, Autodesk Civil 3D und Autodesk InfraWorks ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Daten zu manipulieren, und um Informationen offenzulegen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2025-2847 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2847.json" }, { "category" : "self", "summary" : "WID-SEC-2025-2847 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2847" }, { "category" : "external", "summary" : "Autodesk Trust Center Security advisory vom 2025-12-15", "url" : "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024" } ], "source_lang" : "en-US", "title" : "Autodesk AutoCAD: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2025-12-17T23:00:00.000+00:00", "generator" : { "date" : "2025-12-18T08:20:32.062+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2025-2847", "initial_release_date" : "2025-12-15T23:00:00.000+00:00", "revision_history" : [ { "date" : "2025-12-15T23:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2025-12-17T23:00:00.000+00:00", "number" : "2", "summary" : "Referenz(en) aufgenommen: ZDI-25-1135, ZDI-CAN-27960, ZDI-25-1114, ZDI-CAN-27966, ZDI-25-1111, ZDI-CAN-27974, ZDI-25-1112, ZDI-CAN-27973, ZDI-25-1113, ZDI-CAN-27967, ZDI-25-1115, ZDI-CAN-27961, ZDI-25-1116, ZDI-CAN-27964, ZDI-25-1117, ZDI-CAN-27963, ZDI-25-1118, ZDI-CAN-27972, ZDI-25-1119, ZDI-CAN-27971, ZDI-25-1123, ZDI-CAN-28421, ZDI-25-1122, ZDI-CAN-28179, ZDI-25-1121, ZDI-CAN-28180, ZDI-25-1120, ZDI-CAN-27970, ZDI-25-1105, ZDI-CAN-28181, ZDI-25-1106, ZDI-CAN-28128, ZDI-25-1107, ZDI-CAN-28127, ZDI-25-1108, ZDI-CAN-28126, ZDI-25-1109, ZDI-CAN-28120, ZDI-25-1110, ZDI-CAN-27998" } ], "status" : "final", "version" : "2" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<2026.5", "product" : { "name" : "Autodesk 3ds Max <2026.5", "product_id" : "T049436" } }, { "category" : "product_version", "name" : "2026.5", "product" : { "name" : "Autodesk 3ds Max 2026.5", "product_id" : "T049436-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:autodesk:3ds_max:2026.5" } } } ], "category" : "product_name", "name" : "3ds Max" }, { "branches" : [ { "category" : "product_version_range", "name" : "<2026.5", "product" : { "name" : "Autodesk AutoCAD <2026.5", "product_id" : "T049435" } }, { "category" : "product_version", "name" : "2026.5", "product" : { "name" : "Autodesk AutoCAD 2026.5", "product_id" : "T049435-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:autodesk:autocad:2026.5" } } } ], "category" : "product_name", "name" : "AutoCAD" }, { "branches" : [ { "category" : "product_version_range", "name" : "<2026.5", "product" : { "name" : "Autodesk Civil 3D <2026.5", "product_id" : "T049437" } }, { "category" : "product_version", "name" : "2026.5", "product" : { "name" : "Autodesk Civil 3D 2026.5", "product_id" : "T049437-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:autodesk:civil_3d:2026.5" } } } ], "category" : "product_name", "name" : "Civil 3D" }, { "branches" : [ { "category" : "product_version_range", "name" : "<2026.5", "product" : { "name" : "Autodesk InfraWorks <2026.5", "product_id" : "T049438" } }, { "category" : "product_version", "name" : "2026.5", "product" : { "name" : "Autodesk InfraWorks 2026.5", "product_id" : "T049438-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:autodesk:infraworks:2026.5" } } } ], "category" : "product_name", "name" : "InfraWorks" } ], "category" : "vendor", "name" : "Autodesk" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2025-10881", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10881" }, { "cve" : "CVE-2025-10882", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10882" }, { "cve" : "CVE-2025-10883", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10883" }, { "cve" : "CVE-2025-10884", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10884" }, { "cve" : "CVE-2025-10886", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10886" }, { "cve" : "CVE-2025-10887", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10887" }, { "cve" : "CVE-2025-10888", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10888" }, { "cve" : "CVE-2025-10889", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10889" }, { "cve" : "CVE-2025-10898", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10898" }, { "cve" : "CVE-2025-10899", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10899" }, { "cve" : "CVE-2025-10900", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-10900" }, { "cve" : "CVE-2025-14593", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-14593" }, { "cve" : "CVE-2025-9452", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-9452" }, { "cve" : "CVE-2025-9453", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-9453" }, { "cve" : "CVE-2025-9454", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-9454" }, { "cve" : "CVE-2025-9455", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-9455" }, { "cve" : "CVE-2025-9456", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-9456" }, { "cve" : "CVE-2025-9457", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-9457" }, { "cve" : "CVE-2025-9459", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-9459" }, { "cve" : "CVE-2025-9460", "product_status" : { "known_affected" : [ "T049438", "T049437", "T049436", "T049435" ] }, "release_date" : "2025-12-15T23:00:00.000+00:00", "title" : "CVE-2025-9460" } ] }