CVE-2025-1429

7.8 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in Autodesk AutoCAD allows attackers to craft malicious MODEL files that can crash the application, leak sensitive data, or execute arbitrary code when opened. This affects AutoCAD users who open untrusted MODEL files. The vulnerability requires user interaction to open a malicious file.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
  • Autodesk AutoCAD LT
Versions: 2022 and earlier versions (specific affected versions detailed in vendor advisory)
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All AutoCAD installations that process MODEL files are vulnerable by default. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the AutoCAD process, potentially leading to full system compromise if AutoCAD runs with elevated privileges.

🟠 Likely Case

Application crash or denial of service, with potential for data leakage from memory.

🟢 If Mitigated

Limited impact if proper file handling controls and least privilege principles are implemented.

🌐 Internet-Facing: LOW - Requires user to download and open a malicious file; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via email or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. Heap manipulation adds complexity but reliable exploitation is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest AutoCAD 2022 updates (specific version in vendor advisory)

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Open AutoCAD.
2. Go to Help > Check for Updates.
3. Install all available updates.
4. Alternatively, download updates from Autodesk's official support site.

🔧 Temporary Workarounds

Restrict MODEL file handling
Platform: all

Configure AutoCAD to not automatically open MODEL files or restrict file associations

Implement application whitelisting
Platform: windows

Use AppLocker or similar to restrict execution of AutoCAD to trusted locations only

🧯 If You Can't Patch

  • Implement strict file handling policies: Only open MODEL files from trusted sources
  • Run AutoCAD with least privilege: Ensure it doesn't run with administrative rights

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against affected versions listed in Autodesk advisory ADSK-SA-2025-0001

Check Version:

In AutoCAD: type ABOUT at the command line, or check Help > About AutoCAD

Verify Fix Applied:

Verify AutoCAD version is updated to latest release and no longer listed as vulnerable in advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of AutoCAD with heap corruption errors
  • Unexpected process termination events in Windows Event Logs

Network Indicators:

  • Downloads of MODEL files from untrusted sources
  • Unusual network connections from AutoCAD process

SIEM Query:

(EventID=1000 OR EventID=1001) AND Source=AutoCAD AND (ExceptionCode=0xc0000005 OR ExceptionCode=0xc0000409)
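
The filter this query describes, applied to a few constructed event records. This is an added example, not part of the advisory or of any Autodesk tooling. The key=value export format, the host names and the substring match on `Source` are assumptions. Exception codes are compared as integers so that letter case in the hex value does not cause a miss.

```python
import re
from collections import Counter

EVENT_IDS = {1000, 1001}                     # event IDs from the page's query
EXCEPTION_CODES = {0xC0000005, 0xC0000409}   # exception codes from the page's query
SOURCE_MARKER = "autocad"                    # Source value from the page's query

# Constructed sample records in a hypothetical key=value export format.
SAMPLE_EVENTS = """\
host=ws-01 EventID=1000 Source=AutoCAD ExceptionCode=0xc0000005
host=ws-01 EventID=1001 Source=AutoCAD ExceptionCode=0xC0000409
host=ws-02 EventID=1000 Source=Notepad ExceptionCode=0xc0000005
host=ws-03 EventID=1000 Source=AutoCAD ExceptionCode=0xc000001d
host=ws-04 EventID=4624 Source=AutoCAD ExceptionCode=0xc0000005
host=ws-05 EventID=1001 Source=AutoCAD
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Turn one key=value line into a dict with typed EventID/ExceptionCode."""
    fields = dict(FIELD_RE.findall(line))
    try:
        fields["EventID"] = int(fields.get("EventID", ""))
    except ValueError:
        fields["EventID"] = None
    try:
        # Base-16 parsing accepts the 0x prefix and either letter case.
        fields["ExceptionCode"] = int(fields.get("ExceptionCode", ""), 16)
    except ValueError:
        fields["ExceptionCode"] = None  # field missing or malformed
    return fields

def is_suspect_crash(ev):
    """(EventID 1000 or 1001) AND AutoCAD source AND a listed exception code."""
    return (ev["EventID"] in EVENT_IDS
            and SOURCE_MARKER in ev.get("Source", "").lower()
            and ev["ExceptionCode"] in EXCEPTION_CODES)

def suspect_crashes_by_host(text):
    """Count matching crash events per host."""
    events = (parse_event(l) for l in text.splitlines() if l.strip())
    return Counter(ev.get("host", "unknown") for ev in events if is_suspect_crash(ev))

if __name__ == "__main__":
    for host, n in suspect_crashes_by_host(SAMPLE_EVENTS).items():
        print(f"{host}: {n} AutoCAD crash event(s) matching the query")
```

Counting per host separates a single crash from a workstation that fails repeatedly.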
