CVE-2024-7305

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code or cause crashes by tricking users into opening malicious DWF files in AutoCAD. It affects AutoCAD users who process untrusted DWF files. The vulnerability exists in the AdDwfPdk.dll library.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
Versions: Specific versions not detailed in advisory; check Autodesk advisory for exact affected versions
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in AdDwfPdk.dll library used by AutoCAD for DWF file parsing.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the AutoCAD process, potentially leading to full system compromise.

🟠

Likely Case

Application crashes and denial of service when processing malicious files, with potential for limited code execution.

🟢

If Mitigated

No impact if patched or if users don't open untrusted DWF files.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but these could be delivered via email or web downloads.
🏢 Internal Only: MEDIUM - Similar risk internally if users process untrusted files from internal sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious DWF file. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk Security Advisory ADSK-SA-2024-0014 for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014

Restart Required: Yes

Instructions:

1. Open AutoCAD.
2. Go to Help > About.
3. Check for updates.
4. Install available updates.
5. Restart AutoCAD.

🔧 Temporary Workarounds

Disable DWF file association (platform: Windows)

Prevent AutoCAD from automatically opening DWF files.

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program > Change .dwf association to another program

Block DWF files at perimeter (platform: all)

Filter DWF files at email gateways and web proxies.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized code execution
  • Educate users not to open DWF files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check the AutoCAD version against the Autodesk advisory. If an affected version is in use and AdDwfPdk.dll is present, the system is vulnerable.

Check Version:

In AutoCAD: Help > About, or command line: acad.exe /version

Verify Fix Applied:

Verify that the AutoCAD version has been updated to the patched version listed in the Autodesk advisory.
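The two checks above (is AdDwfPdk.dll present, and which build is it) can be scripted. The following PowerShell is an added example, not from the advisory or from Autodesk: it searches an assumed install root (C:\Program Files\Autodesk; adjust if AutoCAD is installed elsewhere) for every copy of AdDwfPdk.dll and reports its file version alongside the acad.exe next to it, for comparison with the versions listed in ADSK-SA-2024-0014.

```powershell
# Added example (not from the advisory): locate AdDwfPdk.dll under the
# Autodesk install root and report each copy's file version so it can be
# compared with the patched versions listed in ADSK-SA-2024-0014.
# The install root is an assumption; override it with -InstallRoot.
param(
    [string]$InstallRoot = 'C:\Program Files\Autodesk',
    [string]$Module = 'AdDwfPdk.dll'
)

if (-not (Test-Path $InstallRoot)) {
    Write-Output "Install root $InstallRoot not found; AutoCAD may not be installed here."
    return
}

# Recurse once for the DLL; several AutoCAD releases may be installed side by side.
$copies = Get-ChildItem -Path $InstallRoot -Filter $Module -Recurse -File -ErrorAction SilentlyContinue

if (-not $copies) {
    Write-Output "$Module not found under $InstallRoot; this host does not carry the affected parser."
    return
}

$copies | ForEach-Object {
    # acad.exe normally sits in the same directory as the DLL; report its version too.
    $acad = Join-Path $_.DirectoryName 'acad.exe'
    [pscustomobject]@{
        Path          = $_.FullName
        ModuleVersion = $_.VersionInfo.FileVersion
        AcadVersion   = if (Test-Path $acad) { (Get-Item $acad).VersionInfo.FileVersion } else { 'acad.exe not beside DLL' }
        LastWriteTime = $_.LastWriteTime
    }
} | Format-Table -AutoSize
```

Run it in an elevated PowerShell on each AutoCAD host (or through your endpoint management tool) and record the ModuleVersion values; a copy that is still present after patching should show a newer file version and LastWriteTime than before the update.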

📡 Detection & Monitoring

Log Indicators:

  • AutoCAD crash logs with AdDwfPdk.dll in stack trace
  • Unexpected process termination events

Network Indicators:

  • DWF file downloads from untrusted sources
  • Unusual outbound connections after DWF file processing

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="acad.exe" AND FaultModuleName="AdDwfPdk.dll"

Note: the parentheses matter. In most SIEM query languages AND binds more tightly than OR, so without them the query matches every EventID=1000 regardless of process or module. Field names (ProcessName, FaultModuleName) vary by SIEM; map them to your product's fields for Windows Application Error (1000) and Windows Error Reporting (1001) events.
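For hosts without SIEM coverage, the same detection can be run directly against the Windows Application log. The script below is an added example, not from the advisory: it pulls Application Error (ID 1000) and Windows Error Reporting (ID 1001) events from the last N days, keeps those whose message names both acad.exe and AdDwfPdk.dll, and for ID 1000 extracts the exception code and fault offset from the event's indexed properties. The 30-day window and the property indices for event 1000 ([0] faulting application, [3] faulting module, [6] exception code, [7] fault offset) are assumptions based on the standard Application Error event layout.

```powershell
# Added example (not from the advisory): hunt the local Application log for
# AutoCAD crashes attributed to AdDwfPdk.dll. Event ID 1000 comes from the
# "Application Error" provider, 1001 from "Windows Error Reporting"; both
# carry the faulting image and module names in their message text.
param(
    [int]$Days = 30,                  # look-back window (assumption)
    [string]$Process = 'acad.exe',
    [string]$Module = 'AdDwfPdk.dll'
)

$filter = @{
    LogName      = 'Application'
    ProviderName = @('Application Error', 'Windows Error Reporting')
    Id           = @(1000, 1001)
    StartTime    = (Get-Date).AddDays(-$Days)
}

$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        # Both conditions must hold: process AND module (mirrors the SIEM query).
        $_.Message -match [regex]::Escape($Process) -and
        $_.Message -match [regex]::Escape($Module)
    } |
    ForEach-Object {
        # Event 1000 exposes fault details as indexed properties (assumed layout):
        # [0] app name, [3] module name, [6] exception code, [7] fault offset.
        $props = $_.Properties
        [pscustomobject]@{
            Time          = $_.TimeCreated
            EventId       = $_.Id
            Computer      = $_.MachineName
            FaultModule   = if ($_.Id -eq 1000) { $props[3].Value } else { $Module }
            ExceptionCode = if ($_.Id -eq 1000) { $props[6].Value } else { 'n/a' }
            FaultOffset   = if ($_.Id -eq 1000) { $props[7].Value } else { 'n/a' }
        }
    }

if ($hits) {
    $hits | Sort-Object Time | Format-Table -AutoSize
    Write-Warning ("{0} {1} crash(es) in {2} in the last {3} day(s); review which DWF files were opened beforehand." -f @($hits).Count, $Process, $Module, $Days)
} else {
    Write-Output "No $Process crashes attributed to $Module in the last $Days day(s)."
}
```

The exception code and fault offset are the values to attach to a ticket: a repeated crash at the same offset in AdDwfPdk.dll across several users is a stronger signal than a single one-off fault, and the time stamps let you correlate against mail-gateway or proxy logs for DWF downloads received just before each crash.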

🔗 References