Autodesk Revit 2026 < 2026.0.2 Untrusted Search Path (adsk-sa-2025-0014)

high Nessus Plugin ID 243271

Synopsis

The remote host is missing a security update.

Description

The version of Autodesk Revit installed on the remote host is 2026 prior to 2026.0.2. It is, therefore, affected by a vulnerability as referenced in the adsk-sa-2025-0014 advisory.

- A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized. (CVE-2025-5039)

Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Autodesk Revit version to 2026.0.2 or later.

See Also

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014

Plugin Details

Severity: High

ID: 243271

File Name: autodesk_revit_ADSK-SA-2025-0014.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 8/1/2025

Updated: 8/1/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-5039

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:autodesk:revit

Required KB Items: installed_sw/Autodesk Revit

Patch Publication Date: 7/24/2025

Vulnerability Publication Date: 7/24/2025

Reference Information

CVE: CVE-2025-5039

IAVA: 2025-A-0553