CVE-2025-10021

High CVSS: 7.0

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation units (Static Initialization Order Fiasco), the application accesses uninitialized memory. This results in application crash on startup, causing denial of service. Due to undefined behavior, memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.

Vendor

Product

CWE

CWE-457

Yayın Tarihi

2025-12-22 16:15:43

Güncelleme

2025-12-23 14:51:52

Source Identifier

8a9629cb-c5e7-4d2a-a894-111e8039b7ea

KEV Date Added

Kategoriler

CWE-457 HIGH 2025

Referanslar

https://www.opendesign.com/security-advisories