Vulnerability DatabaseCVE-2025-5039

CVE-2025-5039:
HashiCorp Vault vulnerability analysis and mitigation

Overview

CVE-2025-5039 is a security vulnerability discovered in multiple Autodesk applications, disclosed on July 24, 2025. The vulnerability affects various Autodesk products including Infrastructure Parts Editor, Inventor, Navisworks Manage, Navisworks Simulate, Revit, and Vault versions 2026 up to (excluding) 2026.0.2 (NVD).

Technical details

The vulnerability is classified as CWE-426 (Untrusted Search Path) with a CVSS v3.1 base score of 7.8 (HIGH). The attack vector is Local (L), with Low attack complexity (L), requiring No privileges (N) but needs User interaction (R). The scope is Unchanged (U) with High impact on Confidentiality (H), Integrity (H), and Availability (H) (NVD).

Impact

When successfully exploited, this vulnerability could lead to execution of arbitrary code in the context of the current process. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability (NVD).

Mitigation and workarounds

Autodesk has addressed this vulnerability in version 2026.0.2 of the affected products. Users are advised to update to this version or later to mitigate the risk (NVD).

Additional resources

Source: This report was generated using AI

Related HashiCorp Vault vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-33186	CRITICAL	9.1	cAdvisor	kube-vip-cloud-provider-0.0.10	No	Yes	Mar 20, 2026
CVE-2026-27137	HIGH	7.5	Grafana	gitlab-runner-18.6	No	Yes	Mar 06, 2026
CVE-2026-27142	MEDIUM	6.1	cAdvisor	velero-plugin-for-csi	No	Yes	Mar 06, 2026
CVE-2026-27138	MEDIUM	5.9	HashiCorp Vault	weaviate-fips-1.32	No	Yes	Mar 06, 2026
CVE-2026-27139	LOW	2.5	cAdvisor	goose-fips	No	Yes	Mar 06, 2026