CVE-2025-6634: 
Autodesk 3ds Max vulnerability analysis and mitigation

A memory corruption vulnerability (CVE-2025-6634) was discovered in Autodesk 3ds Max that can be triggered when a maliciously crafted TGA file is linked or imported into the application. The vulnerability was disclosed on August 6, 2025, affecting Autodesk 3ds Max versions from 2026 up to (excluding) 2026.2 (NVD, Autodesk Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-120 (Buffer Copy without Checking Size of Input 'Classic Buffer Overflow'). The attack requires local access and user interaction, but no privileges are required to execute the attack (NVD).

If successfully exploited, this vulnerability allows malicious actors to execute arbitrary code in the context of the current process, potentially leading to complete system compromise with the same privileges as the running application. The vulnerability affects confidentiality, integrity, and availability, all rated as High in the CVSS scoring (NVD).

Users should upgrade to Autodesk 3ds Max version 2026.2 or later, as indicated in the vendor advisory. The vulnerability affects versions from 2026 up to (excluding) 2026.2 (Autodesk Advisory).