CVE-2025-1275

7.8 HIGH

📋 TL;DR

A heap-based buffer overflow in Autodesk applications lets an attacker execute arbitrary code by getting a user to open a malicious JPG file in an affected application. The products covered here are Autodesk Access and DWG TrueView. The attacker's code runs with the privileges of the user who opened the file; where that user has administrative rights, the result is full system compromise.

💻 Affected Systems

Products:
  • Autodesk Access
  • DWG TrueView
Versions: All versions prior to the fixed releases listed in the vendor advisory (the advisory is the authoritative version list)
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing malicious JPG files through affected applications

📦 What is this software?

DWG TrueView is Autodesk's free viewer and converter for DWG/DXF drawing files. Autodesk Access is the desktop application Autodesk installs alongside its products to deliver product updates. Both process images, including JPG files, that are opened in or referenced by drawings.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution as the user who opened the file, followed by credential and data theft and lateral movement; full system compromise where that user holds administrative rights

🟠

Likely Case

Application crash (denial of service); turning the overflow into reliable code execution requires heap grooming and a bypass of the platform's memory protections

🟢

If Mitigated

With DEP, ASLR, CFG and heap integrity checks in place, the overflow most likely terminates the process (heap-corruption fail-fast) rather than yielding code execution; the crash itself is still a denial of service

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction: the victim must open a crafted JPG file in an affected application. No credentials are needed, which is why the exploit counts as unauthenticated despite the interaction requirement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0006

Restart Required: Yes

Instructions:

1. Visit the Autodesk Trust Center (vendor advisory linked above).
2. Download the latest security update for each affected product.
3. Install the update.
4. Restart the affected applications.

🔧 Temporary Workarounds

Disable JPG file processing (applies to: all platforms)

Prevent the affected applications from processing JPG files until the update is installed.

File type restrictions (applies to: all platforms)

Block JPG files at the mail gateway, network perimeter or endpoint. Extension-based filters are bypassed by renaming the file, so match on the JPEG signature (bytes FF D8 FF at offset 0) as well as on the .jpg/.jpeg extension. Blocking all JPG traffic is rarely practical; scope the rule to CAD workstations and to files from untrusted senders.

🧯 If You Can't Patch

  • Run the affected applications as a standard user, not an administrator, so any code execution is confined to that user's rights
  • Enforce application allow-listing (for example AppLocker or WDAC on Windows) so a payload dropped by the exploit cannot launch additional executables

🔍 How to Verify

Check if Vulnerable:

Compare the installed version of each affected product against the fixed versions in the vendor advisory; anything older is vulnerable.

Check Version:

Help > About in each affected application, or the DisplayVersion shown in Programs and Features (the Windows Uninstall registry keys) for a fleet-wide check.

Verify Fix Applied:

Confirm the installed version is equal to or newer than the patched version in the advisory, and that the application has been restarted since the update.
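The version check above is easy to get wrong at scale because version strings do not compare correctly as text ("2025.1.9" sorts after "2025.1.10"). The following script is an added example for this page, not Autodesk's tooling: it parses versions numerically, compares them against a baseline, and on Windows enumerates installed Autodesk products from the standard Uninstall registry keys. The baseline versions in PATCHED_BASELINE are placeholders and must be replaced with the fixed versions named in ADSK-SA-2025-0006; the product display names used in the sample are constructed.

```python
"""Inventory Autodesk products and compare versions against a patched baseline.

Added example for this page; not Autodesk's tooling. PATCHED_BASELINE holds
PLACEHOLDER versions: take the real fixed versions from the vendor advisory
(ADSK-SA-2025-0006) before relying on the result.
"""
import re
import sys

# Placeholder baseline keyed by DisplayName prefix as it appears in the
# Windows Uninstall registry keys. Replace with the advisory's fixed versions.
PATCHED_BASELINE = {
    "Autodesk Access": "0.0.0",   # placeholder, not a real fixed version
    "DWG TrueView": "0.0.0",      # placeholder, not a real fixed version
}


def parse_version(text):
    """Turn '2025.1.2' into (2025, 1, 2) so comparisons are numeric.

    String comparison is wrong here: '2025.1.10' < '2025.1.9' as text, but
    10 > 9 as numbers. Parsing stops at the first non-numeric field, so
    '2025.1 Update 2' becomes (2025, 1).
    """
    parts = []
    for token in re.split(r"[.\-]", text):
        m = re.match(r"\d+", token.strip())
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(installed, patched):
    """True when the installed version is strictly older than the patched one."""
    a, b = parse_version(installed), parse_version(patched)
    # Pad the shorter tuple so (2025, 1) compares equal to (2025, 1, 0).
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def installed_autodesk_products():
    """Yield (DisplayName, DisplayVersion) from the Windows Uninstall keys.

    Uses only the standard-library winreg module; on non-Windows hosts the
    generator simply yields nothing.
    """
    if sys.platform != "win32":
        return
    import winreg
    roots = [
        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
        r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    ]
    for path in roots:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                try:
                    with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                        name = winreg.QueryValueEx(sub, "DisplayName")[0]
                        version = winreg.QueryValueEx(sub, "DisplayVersion")[0]
                except OSError:
                    continue  # subkey without the values we need
                if "Autodesk" in name or "DWG TrueView" in name:
                    yield name, version


def assess(products, baseline=PATCHED_BASELINE):
    """Return [(name, version, vulnerable)] for products that have a baseline entry."""
    results = []
    for name, version in products:
        for prefix, patched in baseline.items():
            if name.startswith(prefix):
                results.append((name, version, is_vulnerable(version, patched)))
    return results


if __name__ == "__main__":
    for name, version, vuln in assess(installed_autodesk_products()):
        print(f"{'VULNERABLE' if vuln else 'ok        '}  {name} {version}")
```

Run it as the logged-on user on each CAD workstation, or feed `assess()` an inventory exported from your endpoint management tool; the registry walk is only a convenience for a single host.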

📡 Detection & Monitoring

Log Indicators:

  • Windows Application log Event ID 1000 (source "Application Error") for an Autodesk executable, in particular with exception code 0xc0000005 (access violation) or 0xc0000374 (heap corruption)
  • Crashes of the affected applications clustered around the time a JPG file was opened

Network Indicators:

  • JPG files delivered to CAD users from unknown senders, or JPGs arriving together with drawing files in downloads and attachments (a weak signal on its own; correlate with the crash events above)

SIEM Query:

EventID:1000 AND Source:"Application Error" AND FaultingApplicationPath:*\Autodesk\* AND ExceptionCode:(c0000005 OR c0000374)

Field names vary by SIEM. Note that Event 1000 does not record the file being processed, so a condition such as FileExtension:jpg cannot be matched from the crash event itself; the JPG link has to come from file-access or mail-gateway telemetry.
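The query above depends on SIEM field names; the underlying logic is simple enough to run directly over exported events. The script below is an added example for this page, not Autodesk's or Microsoft's tooling. It parses Event ID 1000 records in the XML shape produced by `wevtutil qe Application /q:"*[System[EventID=1000]]" /f:xml`, and flags crashes of executables under an Autodesk install directory whose exception code indicates memory corruption. It assumes the positional EventData layout of the "Application Error" provider (application name, version, timestamp, module name, version, timestamp, exception code, fault offset, process id, start time, application path, module path, report id). The sample records at the bottom are constructed, and the executable and DLL names in them are placeholders, not real Autodesk file names.

```python
"""Flag Event ID 1000 crashes of Autodesk binaries that look like memory corruption.

Added example for this page; not Autodesk's or Microsoft's tooling. Input is
Event 1000 XML as exported by wevtutil. The "Application Error" provider's
EventData is positional (no Name attributes); the indexes below assume its
documented field order. Sample records are constructed with placeholder names.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# NTSTATUS codes that point at memory corruption rather than an ordinary bug.
STATUS_ACCESS_VIOLATION = 0xC0000005   # read or write through a bad pointer
STATUS_HEAP_CORRUPTION = 0xC0000374    # heap metadata check failed (fail-fast)
SUSPICIOUS_CODES = {STATUS_ACCESS_VIOLATION, STATUS_HEAP_CORRUPTION}

# Positional indexes into EventData for the Application Error provider.
IDX_APP_NAME, IDX_MODULE_NAME, IDX_EXCEPTION, IDX_APP_PATH, IDX_MODULE_PATH = 0, 3, 6, 10, 11


def parse_event_1000(xml_text):
    """Return the fields we care about, or None if this is not a usable Event 1000."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None or system.findtext("e:EventID", namespaces=NS) != "1000":
        return None
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if len(data) <= IDX_MODULE_PATH:
        return None
    return {
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "host": system.findtext("e:Computer", namespaces=NS),
        "app": data[IDX_APP_NAME],
        "module": data[IDX_MODULE_NAME],
        "exception": int(data[IDX_EXCEPTION], 16),  # logged as hex without 0x
        "app_path": data[IDX_APP_PATH],
        "module_path": data[IDX_MODULE_PATH],
    }


def is_suspicious(event, vendor_dir="\\autodesk\\"):
    """An Autodesk binary crashing with a memory-corruption status code."""
    in_vendor_dir = vendor_dir in event["app_path"].lower()
    return in_vendor_dir and event["exception"] in SUSPICIOUS_CODES


def triage(xml_records):
    """Parse a list of Event XML strings and return the suspicious ones."""
    hits = []
    for xml_text in xml_records:
        ev = parse_event_1000(xml_text)
        if ev and is_suspicious(ev):
            hits.append(ev)
    return hits


def _record(app, path, module, code, host="CAD-WS-01"):
    """Build a constructed Event 1000 record in the wevtutil XML shape (test data)."""
    module_path = path.rsplit("\\", 1)[0] + "\\" + module
    fields = [app, "1.0.0.0", "65f1c0de", module, "1.0.0.0", "65f1c0de", code,
              "0000000000012345", "0x1a2c", "0x01db8a0c1234abcd", path, module_path,
              "00000000-0000-0000-0000-000000000000"]
    data = "".join(f"<Data>{f}</Data>" for f in fields)
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        '<System><Provider Name="Application Error"/><EventID Qualifiers="0">1000</EventID>'
        '<TimeCreated SystemTime="2025-03-01T10:15:00.000Z"/><Channel>Application</Channel>'
        f"<Computer>{host}</Computer></System><EventData>{data}</EventData></Event>"
    )


SAMPLE_RECORDS = [  # constructed; file names are placeholders, not real Autodesk binaries
    _record("ExampleViewer.exe", r"C:\Program Files\Autodesk\ExampleViewer\ExampleViewer.exe",
            "ExampleImageCodec.dll", "c0000374"),   # heap corruption in an Autodesk app: hit
    _record("ExampleViewer.exe", r"C:\Program Files\Autodesk\ExampleViewer\ExampleViewer.exe",
            "ExampleViewer.exe", "e0434352"),       # managed exception, not memory corruption
    _record("notepad.exe", r"C:\Windows\System32\notepad.exe",
            "ntdll.dll", "c0000005"),               # access violation outside Autodesk: ignore
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_RECORDS):
        print(f"{hit['time']} {hit['host']} {hit['app']} faulted in {hit['module']} "
              f"exception 0x{hit['exception']:08x}")
```

In production, replace SAMPLE_RECORDS with the records exported from each workstation (or the SIEM's raw XML field), and treat the faulting module as the lead: a crash inside the image-decoding component is a much stronger signal than one in the application's own UI code.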
