CVE Alert: CVE-2025-8354 – Autodesk – Revit

CVE-2025-8354

HIGH · No exploitation known

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS v3.1 (7.8)
AV LOCAL · AC LOW · PR NONE · UI REQUIRED · S UNCHANGED
Vendor
Autodesk
Product
Revit
Versions
2026 (< 2026.3)
CWE
CWE-843: Type Confusion
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published
2025-09-23T13:20:03.452Z
Updated
2025-09-23T14:00:23.536Z
cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*

AI Summary Analysis

Risk verdict

High risk: a malicious RFA file can trigger a Type Confusion in Revit, potentially allowing arbitrary code execution within the user’s process after user interaction.

Why this matters

AEC workflows rely on open file formats and complex CAD tasks; a successful exploit could compromise a workstation, corrupt project data, or enable further access within the user’s session. In firms with shared design repositories, this can cascade to project integrity issues and delays.

Most likely attack path

Attacker prepares a crafted RFA payload and distributes it via typical file channels or project exchanges; the user opens/imports the file in Revit, triggering local code execution. No privileges beyond the user’s account are required, but the attacker benefits from the victim’s access rights; exploitation is contingent on the user engaging with the payload.

Who is most exposed

Organisations with Autodesk Revit 2026 deployments (pre-2026.3) in Windows-based CAD environments, especially architecture/engineering/construction firms that routinely exchange RFA resources and rely on design workgroups.

Detection ideas

  • Revit crash dumps or abnormal termination during RFA import.
  • Unusual memory or process behaviour in Revit.exe following file opening.
  • New or unexpected RFA files appearing in project directories or shared vaults.
  • Security alerts tied to anomalous scriptable parsing or code execution attempts in CAD workflows.
  • Correlation of user reports of unstable project files after receiving external RFA payloads.

Mitigation and prioritisation

  • Apply the vendor patch that fixes the RFA parser; move to the latest supported build (2026.3 or later, where the issue is fixed).
  • Enforce least privilege (run Revit under a non-admin user account), and restrict opening external or untrusted RFA files.
  • Enable EDR/AV detections for suspicious memory/exception patterns in CAD processes; monitor and quarantine anomalous RFA activity.
  • Implement application whitelisting and trusted file exchange controls; require staged validation for new RFA assets.
  • Change-management: test patch in a sandbox, communicate incident response steps to design teams, and align backups for project data integrity.
