CVE-2022-25789

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Autodesk AutoCAD allows malicious DWF, 3DS, and DWFX files to trigger memory corruption. Successful exploitation could lead to arbitrary code execution in the context of the current user. This affects AutoCAD 2019-2022 users who open untrusted CAD files.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
Versions: 2019, 2020, 2021, 2022
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with affected versions are vulnerable when opening DWF, 3DS, or DWFX files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via remote code execution with user privileges, potentially leading to lateral movement, data theft, or ransomware deployment.

🟠 Likely Case: Local privilege escalation or application crash when users open malicious CAD files from untrusted sources.

🟢 If Mitigated: Application crash without code execution if memory protections are enabled, but denial of service still occurs.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via email or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious file; exploitation depends on bypassing memory protections.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest updates for affected versions (check specific version numbers in advisory)

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005

Restart Required: Yes

Instructions:

1. Open AutoCAD.
2. Go to Autodesk Desktop App or AutoCAD's update mechanism.
3. Check for and install available updates.
4. Restart AutoCAD after installation.

🔧 Temporary Workarounds

Block suspicious file extensions

all

Use application control or email filtering to block DWF, 3DS, and DWFX files from untrusted sources.

User awareness training

all

Train users not to open CAD files from unknown or untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized AutoCAD execution
  • Use sandboxing or virtualization to isolate AutoCAD when opening untrusted files

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version: Open AutoCAD → Help → About → Compare version against affected ranges (2019-2022).

Check Version:

In AutoCAD command line: (getvar "acadver")

Verify Fix Applied:

Verify version is updated beyond vulnerable releases and check for security update installation in update history.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in AutoCAD with memory access violations
  • Unexpected file opens of DWF/3DS/DWFX extensions

Network Indicators:

  • Unusual outbound connections from AutoCAD process post-file open

SIEM Query:

source="*autocad*" AND (event_id=1000 OR event_id=1001) AND message="*access violation*"
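
The two log indicators above are noisy on their own, so the following added example (not taken from the advisory or from any Autodesk tooling) correlates them: it flags an AutoCAD access-violation crash only when the same host opened a DWF, 3DS, or DWFX file shortly before. The event schema, host names, paths, timestamps, the `acad.exe` process-name match, and the 5-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

RISKY_EXT = (".dwf", ".3ds", ".dwfx")  # file types named in the advisory
ACCESS_VIOLATION = "0xc0000005"         # Windows STATUS_ACCESS_VIOLATION
WINDOW = timedelta(minutes=5)           # assumed correlation window

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    {"ts": "2022-04-12T09:01:10", "host": "cad-ws-01", "kind": "file_open",
     "process": "acad.exe", "path": r"C:\Users\a\Downloads\site_plan.dwfx"},
    {"ts": "2022-04-12T09:01:42", "host": "cad-ws-01", "kind": "app_crash",
     "process": "acad.exe", "event_id": 1000, "exception_code": "0xC0000005"},
    # Crash after opening a .dwg: not one of the advisory's file types.
    {"ts": "2022-04-12T10:00:00", "host": "cad-ws-02", "kind": "file_open",
     "process": "acad.exe", "path": r"C:\Projects\floor.dwg"},
    {"ts": "2022-04-12T10:00:30", "host": "cad-ws-02", "kind": "app_crash",
     "process": "acad.exe", "event_id": 1000, "exception_code": "0xc0000005"},
    # Risky file opened, but the crash is 30 minutes later: outside the window.
    {"ts": "2022-04-12T11:00:00", "host": "cad-ws-03", "kind": "file_open",
     "process": "acad.exe", "path": r"\\share\in\model.3ds"},
    {"ts": "2022-04-12T11:30:00", "host": "cad-ws-03", "kind": "app_crash",
     "process": "acad.exe", "event_id": 1001, "exception_code": "0xc0000005"},
]


def correlate(events, window=WINDOW):
    """Return (host, path, crash_ts) for AutoCAD access-violation crashes that
    follow an open of a DWF/3DS/DWFX file on the same host within `window`."""
    last_open = {}  # host -> (time, path) of the most recent risky open
    hits = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e.get("process", "").lower() != "acad.exe":
            continue
        t = datetime.fromisoformat(e["ts"])
        if e["kind"] == "file_open" and e["path"].lower().endswith(RISKY_EXT):
            last_open[e["host"]] = (t, e["path"])
        elif (e["kind"] == "app_crash" and e.get("event_id") in (1000, 1001)
              and e.get("exception_code", "").lower() == ACCESS_VIOLATION):
            opened = last_open.get(e["host"])
            if opened and t - opened[0] <= window:
                hits.append((e["host"], opened[1], e["ts"]))
    return hits


if __name__ == "__main__":
    for host, path, ts in correlate(EVENTS):
        print(f"{ts} {host}: acad.exe access violation after opening {path}")
```

Widening the window trades fewer missed crashes for more coincidental matches; tune it against how long large drawings take to load in your environment.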
