CVE-2025-6634: 
Autodesk 3ds Max vulnerability analysis and mitigation

A memory corruption vulnerability (CVE-2025-6634) was discovered in Autodesk 3ds Max that can be triggered when a maliciously crafted TGA file is linked or imported into the application. The vulnerability was disclosed on August 6, 2025, affecting Autodesk 3ds Max versions from 2026 up to (excluding) 2026.2 (NVD).

The vulnerability is classified as a Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability (CWE-120). It has received a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required for exploitation (NVD).

When successfully exploited, this vulnerability allows malicious actors to execute arbitrary code in the context of the current process, potentially leading to complete system compromise with the same privileges as the running application (NVD).

Users are advised to upgrade to Autodesk 3ds Max version 2026.2 or later to address this vulnerability. The fix has been documented in Autodesk's security advisory ADSK-SA-2025-0016 (Autodesk Advisory).