CVE-2025-6633: 
Autodesk 3ds Max vulnerability analysis and mitigation

A vulnerability identified as CVE-2025-6633 was discovered in Autodesk 3ds Max, disclosed on August 6, 2025. The vulnerability involves an Out-of-Bounds Write condition that can be triggered when parsing maliciously crafted RBG files. This security flaw affects Autodesk 3ds Max versions from 2026 up to (but not including) version 2026.2 (NVD).

The vulnerability is classified as an Out-of-Bounds Write (CWE-787) issue. It has received a CVSS v3.1 base score of 8.8 (HIGH) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Autodesk's assessment gives it a slightly lower score of 8.3 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L (NVD).

When successfully exploited, this vulnerability can lead to multiple severe consequences including system crashes, data corruption, or arbitrary code execution within the context of the current process. The high CVSS scores indicate significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Autodesk has addressed this vulnerability in version 2026.2 of 3ds Max. Users are advised to upgrade to this version or later to mitigate the security risk (Autodesk Advisory).