CVE-2025-1428

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to craft malicious CATPART files that trigger an out-of-bounds read when opened in Autodesk AutoCAD. Successful exploitation could lead to application crashes, sensitive data exposure, or arbitrary code execution. All AutoCAD users who open untrusted CATPART files are affected.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
  • Autodesk AutoCAD LT
Versions: 2022 and potentially earlier versions (exact range not specified in provided references)
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing CATPART files, which are CAD part files used in mechanical design.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution with current process privileges, potentially leading to full system compromise if AutoCAD runs with elevated permissions.

🟠 Likely Case

Application crash or sensitive memory data leakage, disrupting workflows and potentially exposing confidential information.

🟢 If Mitigated

Limited impact with proper file handling policies and network segmentation, likely resulting in application crashes only.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious file. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest AutoCAD/AutoCAD LT 2022 update (specific version not specified)

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Open AutoCAD.
2. Navigate to Help > Check for Updates.
3. Install all available updates.
4. Alternatively, download the latest update from the Autodesk website.

🔧 Temporary Workarounds

Restrict CATPART file handling

Applies to: all

Block or restrict opening of CATPART files from untrusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to restrict AutoCAD execution to trusted systems only
  • Use network segmentation to isolate AutoCAD workstations from critical systems

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against latest patched version in Autodesk advisory

Check Version:

In AutoCAD: Type 'ABOUT' command or check Help > About AutoCAD

Verify Fix Applied:

Verify AutoCAD version is updated to latest release and test with known safe CATPART files

📡 Detection & Monitoring

Log Indicators:

  • AutoCAD crash logs with memory access violations
  • Unexpected file parsing errors in application logs

Network Indicators:

  • Unusual CATPART file downloads from untrusted sources
  • AutoCAD process spawning unexpected child processes

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName='acad.exe' AND ExceptionCode=0xC0000005
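The same predicate as the SIEM query, run over constructed Windows Application Error (Event ID 1000) records; this is an added illustration, not part of the advisory, and the module name and version strings in the sample are placeholders. It normalises the exception code (prefix and case vary between sources) and brackets the OR explicitly so the AND clauses apply to both event IDs.

```python
import re
from typing import Optional

# Field layout of the Windows "Application Error" (Event ID 1000) message text.
APP_RE = re.compile(r"Faulting application name:\s*([^,\n]+)", re.IGNORECASE)
MOD_RE = re.compile(r"Faulting module name:\s*([^,\n]+)", re.IGNORECASE)
EXC_RE = re.compile(r"Exception code:\s*(0x)?([0-9a-f]{8})", re.IGNORECASE)

ACCESS_VIOLATION = "c0000005"   # STATUS_ACCESS_VIOLATION, the code the query keys on
WATCHED_PROCESS = "acad.exe"

def parse_app_error(message: str) -> Optional[dict]:
    """Extract process, faulting module and exception code from an Event 1000 body."""
    app, mod, exc = APP_RE.search(message), MOD_RE.search(message), EXC_RE.search(message)
    if not (app and exc):
        return None   # Event 1001 (WER) uses a different problem-signature layout; not parsed here
    return {
        "process": app.group(1).strip().lower(),
        "module": mod.group(1).strip().lower() if mod else "",
        "exception": exc.group(2).lower(),   # normalised: no 0x prefix, lower case
    }

def matches_query(event: dict) -> bool:
    """(EventID=1000 OR EventID=1001) AND process=acad.exe AND code=0xC0000005."""
    if event.get("EventID") not in (1000, 1001):
        return False
    parsed = parse_app_error(event.get("Message", ""))
    return (parsed is not None
            and parsed["process"] == WATCHED_PROCESS
            and parsed["exception"] == ACCESS_VIOLATION)

def triage(events: list) -> list:
    """Return (EventID, faulting module) for each event the rule fires on."""
    return [(ev["EventID"], parse_app_error(ev["Message"])["module"])
            for ev in events if matches_query(ev)]

# Constructed sample events (not real telemetry): one AutoCAD access violation,
# one AutoCAD crash with another code, one access violation in a different app,
# and one unrelated event ID that must be ignored.
SAMPLE_EVENTS = [
    {"EventID": 1000, "Message": "Faulting application name: acad.exe, version: 0.0.0.0\n"
                                 "Faulting module name: PLACEHOLDER_module.dll\nException code: 0xc0000005\n"},
    {"EventID": 1000, "Message": "Faulting application name: acad.exe, version: 0.0.0.0\n"
                                 "Faulting module name: ntdll.dll\nException code: 0xc0000409\n"},
    {"EventID": 1000, "Message": "Faulting application name: notepad.exe, version: 0.0.0.0\n"
                                 "Faulting module name: ntdll.dll\nException code: 0xC0000005\n"},
    {"EventID": 4688, "Message": "Faulting application name: acad.exe\nException code: 0xc0000005\n"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```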
