216.73.217.86

CVE-2025-10021

· Published 22/12/2025 16:15 · Modified 23/12/2025 14:51

Labels: CVE-2025-10021 2025-12-228a9629cb-c5e7-4d2a-a894-111e8039b7eaCVE-2025-10021

Essential information

Published
22/12/2025 16:15
Modified
23/12/2025 14:51
Author
Creator
CVSS
7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation units (Static Initialization Order Fiasco), the application accesses uninitialized memory. This results in application crash on startup, causing denial of service. Due to undefined behavior,  memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
8a9629cb-c5e7-4d2a-a894-111e8039b7ea
NVD
View on NVD

References