Autodesk Navisworks Manage 2026 Untrusted Search Path (adsk-sa-2025-0014)

high Nessus Plugin ID 243272

Synopsis

The remote host is missing a security update.

Description

The version of Autodesk Navisworks Manage installed on the remote host may be affected by a vulnerability as referenced in the adsk-sa-2025-0014 advisory.

- A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized. (CVE-2025-5039)

Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

See vendor advisory.

See Also

https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014

Plugin Details

Severity: High

ID: 243272

File Name: autodesk_navisworks_manage_adsk-sa-2025-0014.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 8/1/2025

Updated: 8/1/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-5039

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:autodesk:navisworks_manage

Required KB Items: SMB/Registry/Enumerated, installed_sw/Autodesk Navisworks Manage

Patch Publication Date: 7/24/2025

Vulnerability Publication Date: 7/24/2025

Reference Information

CVE: CVE-2025-5039

IAVA: 2025-A-0553