CVE-2022-25795

7.8 HIGH

📋 TL;DR

CVE-2022-25795 is a memory corruption vulnerability in Autodesk TrueView that allows remote code execution when processing malicious DWG files. Attackers can exploit this by tricking users into opening specially crafted DWG files, potentially gaining control of affected systems. This affects users of Autodesk TrueView 2021 and 2022.

💻 Affected Systems

Products:
  • Autodesk TrueView
Versions: 2021 and 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction to open a malicious DWG file. All default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control, data theft, lateral movement, and persistence establishment.

🟠 Likely Case

Local user account compromise leading to data exfiltration, ransomware deployment, or credential harvesting.

🟢 If Mitigated

Limited impact with proper application sandboxing, user privilege restrictions, and file validation controls.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploit code is available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to latest version per Autodesk security advisories

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007

Restart Required: Yes

Instructions:

1. Open Autodesk TrueView.
2. Navigate to Help > Check for Updates.
3. Install all available updates.
4. Restart the application.

🔧 Temporary Workarounds

Restrict DWG file handling
Platform: Windows

Configure the system to open DWG files with alternative applications, or implement file validation.

User awareness training
Platform: all

Train users to open DWG files only from trusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict TrueView execution
  • Deploy endpoint protection with file validation for DWG formats

🔍 How to Verify

Check if Vulnerable:

Check the TrueView version: open TrueView > Help > About. If the version is 2021 or 2022 without the latest patches, the system is vulnerable.

Check Version:

Not applicable - check via application GUI Help > About

Verify Fix Applied:

Verify version is updated beyond vulnerable releases and check Autodesk security advisory for specific patch versions.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected TrueView crashes
  • Suspicious child processes spawned from TrueView
  • Unusual file access patterns from TrueView process

Network Indicators:

  • Outbound connections from TrueView to unexpected destinations
  • DNS requests for suspicious domains from TrueView process

SIEM Query:

Process Creation where (Image contains 'trueview' OR ParentImage contains 'trueview') AND CommandLine contains unusual parameters
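
The query above matches every TrueView launch and leaves "unusual parameters" undefined. The following added example (not from this page or from Autodesk) narrows it to the child-process and crash indicators listed under Log Indicators. The field names follow Sysmon Event ID 1; the install path, the `dwgviewr.exe` image name, the crash-handler and high-risk child lists, and the sample events are constructed assumptions to tune per environment.

```python
import ntpath  # parses Windows paths on any OS

PARENT_MARKER = "trueview"         # same substring test as the page's query
CRASH_HANDLERS = {"werfault.exe"}  # assumption: a WER child marks a viewer crash
# Assumption: shells and script hosts a drawing viewer has no reason to start.
HIGH_RISK = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
             "mshta.exe", "rundll32.exe", "regsvr32.exe"}

def classify(event):
    """Return None, 'crash', 'high' or 'review' for one process-creation event."""
    parent = event.get("ParentImage", "").lower()
    if PARENT_MARKER not in parent:
        return None                      # not spawned by the viewer
    child = ntpath.basename(event.get("Image", "")).lower()
    if child == ntpath.basename(parent):
        return None                      # viewer relaunching itself
    if child in CRASH_HANDLERS:
        return "crash"                   # "unexpected TrueView crashes"
    if child in HIGH_RISK:
        return "high"                    # "suspicious child processes"
    return "review"                      # unknown child: needs an analyst look

def triage(events):
    """Return (verdict, child image name, command line) for every flagged event."""
    findings = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            findings.append((verdict, ntpath.basename(ev.get("Image", "")),
                             ev.get("CommandLine", "")))
    return findings

# Constructed sample events (field names as in Sysmon Event ID 1); not real telemetry.
VIEWER = r"C:\Program Files\Autodesk\DWG TrueView 2022 - English\dwgviewr.exe"
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": VIEWER,
     "CommandLine": r'"dwgviewr.exe" "C:\Users\a\Downloads\plan.dwg"'},
    {"ParentImage": VIEWER, "Image": r"C:\Windows\System32\WerFault.exe",
     "CommandLine": "WerFault.exe -u -p 4312 -s 1180"},
    {"ParentImage": VIEWER, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": VIEWER, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for verdict, image, cmdline in triage(SAMPLE_EVENTS):
        print(f"{verdict:6} {image:14} {cmdline}")
```

A "crash" verdict shortly after a DWG file was opened from a download or mail-attachment path is worth correlating with the file's origin, even when no further child process appears.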
