CVE-2024-12192 HIGH

CVE-2024-12192: DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

Vendor Autodesk

Product Navisworks Freedom

Weakness CWE-787

Published December 17, 2024

Last update August 26, 2025

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Key dates

02Disclosure timeline

December 17, 2024 CVE published

August 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-12192

Related vulnerabilities

Identifiers

CVE CVE-2024-12192

CWE CWE-787

CVSS 7.8 / HIGH

Affected versions

Vendor Autodesk

Product Navisworks Freedom

Affected ≥ 2025 and < 2025.4

Vendor Autodesk

Product Navisworks Simulate

Affected ≥ 2025 and < 2025.4

Vendor Autodesk

Product Navisworks Manage

Affected ≥ 2025 and < 2025.4

CVE-2024-12192: DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

01Description

02Disclosure timeline

03References

04Related CVE