What is CVE-2025-5039?

CVE-2025-5039 is a high-severity vulnerability in Autodesk 3ds Max, classified under Untrusted Search Path. CVSS score: 7.8/10. Published 2025-07-24.

How severe is CVE-2025-5039?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2025-5039 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Autodesk 3ds Max

CVE-2025-5039

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

EPSS: 0.001 (32.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Autodesk 3ds Max — versions 2027, 2026
Autodesk Advance Steel — versions 2026
Autodesk Autocad — versions 2026
Autodesk Autocad Architecture — versions 2026
Autodesk Autocad Electrical — versions 2026
Autodesk Autocad Lt — versions 2026
Autodesk Autocad Map 3d — versions 2026
Autodesk Autocad Mechanical — versions 2026
Autodesk Autocad Mep — versions 2026
Autodesk Autocad Plant 3d — versions 2026

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.autodesk.com/products/autodesk-access/overview (patch)
www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014 (vendor-advisory)

Frequently asked questions

What is CVE-2025-5039?: CVE-2025-5039 is a high-severity vulnerability in Autodesk 3ds Max, classified under Untrusted Search Path. CVSS score: 7.8/10. Published 2025-07-24.
How severe is CVE-2025-5039?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2025-5039 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.