### Critical Vulnerability Information #### Vulnerability Overview - **Autodesk ID**: ASGK-SA-2025-0015 - **Product/Service/Component**: Autodesk 3ds Max - **Impact**: Out-of-Bounds Read, Out-of-Bounds Write, Memory Corruption - **Severity**: High (CVE-2025-6633, CVE-2025-6634), Medium (CVE-2025-6632) - **Original Release Date**: 08/06/2025 - **Last Revised Date**: 08/06/2025 #### Vulnerability Description - **CVE-2025-6632**: A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can trigger an Out-of-Bounds Read vulnerability. Attackers can exploit this vulnerability to cause crashes, read sensitive data, or execute arbitrary code within the current process context. - **CVE-2025-6633**: A maliciously crafted TGA file, when processed by Autodesk 3ds Max, can trigger an Out-of-Bounds Write vulnerability. Attackers can exploit this vulnerability to cause crashes, corrupt data, or execute arbitrary code within the current process context. - **CVE-2025-6634**: A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can trigger a Memory Corruption vulnerability. Attackers can exploit this vulnerability to execute arbitrary code within the current process context. #### Affected Products - **Product**: Autodesk 3ds Max - **Affected Versions**: 2025 - **Mitigated Versions**: 2025.2 #### Recommended Actions - Autodesk strongly recommends that users of affected products install the latest mitigated product version, available via Autodesk Access or Accounts Portal. - Best practice: Users should only open files from trusted sources. #### Acknowledgments - Thank you to Frances Prewscher (PRA) for reporting the issues related to CVE-2025-6632, CVE-2025-6633, and CVE-2025-6634, and for collaborating with Autodesk to protect users.