Vulnerability Description
A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation units (Static Initialization Order Fiasco), the application accesses uninitialized memory. This results in application crash on startup, causing denial of service. Due to undefined behavior, memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-10021?
CVE-2025-10021 is a documented vulnerability. A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before...
How severe is CVE-2025-10021?
CVSS scoring is not yet available for CVE-2025-10021. Check NVD for updates.
Is there a patch for CVE-2025-10021?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.