{"api_version":"1","generated_at":"2026-04-22T21:39:54+00:00","cve":"CVE-2022-25796","urls":{"html":"https://cve.report/CVE-2022-25796","api":"https://cve.report/api/cve/CVE-2022-25796.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-25796","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-25796"},"summary":{"title":"CVE-2022-25796","description":"A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.","state":"PUBLIC","assigner":"psirt@autodesk.com","published_at":"2022-04-11 20:15:00","updated_at":"2022-04-19 01:30:00"},"problem_types":["CWE-415"],"metrics":[],"references":[{"url":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005","name":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005","refsource":"MISC","tags":[],"title":"Security Advisories | Autodesk Trust Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-25796","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25796","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"25796","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"autodesk","cpe5":"navisworks","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2022-25796","ASSIGNER":"psirt@autodesk.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Autodesk Navisworks","version":{"version_data":[{"version_value":"2022.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Double Free"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005","url":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"}]},"description":{"description_data":[{"lang":"eng","value":"A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."}]}},"nvd":{"publishedDate":"2022-04-11 20:15:00","lastModifiedDate":"2022-04-19 01:30:00","problem_types":["CWE-415"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*","versionStartIncluding":"2022","versionEndExcluding":"2022.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}