CVE-2025-1430

7.8 HIGH

📋 TL;DR

This vulnerability allows an attacker to execute arbitrary code on a system by tricking a user into opening a malicious SLDPRT file in Autodesk AutoCAD. It affects AutoCAD users who open untrusted files, potentially leading to full system compromise. The risk is highest for organizations using AutoCAD for design work with external file sources.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
  • Autodesk AutoCAD LT
Versions: Specific versions not detailed in references; likely affects multiple recent versions prior to patching.
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when parsing SLDPRT files, a common format in CAD workflows; default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution, enabling data theft, ransomware deployment, or lateral movement within a network.

🟠 Likely Case

Local privilege escalation or malware installation if a user opens a malicious file, often via phishing or compromised websites.

🟢 If Mitigated

Limited to denial-of-service or application crash if file parsing is blocked or sandboxed, with no code execution.

🌐 Internet-Facing: LOW, as exploitation typically requires user interaction to open a file, not direct internet exposure of the software.
🏢 Internal Only: MEDIUM, due to the need for social engineering or insider threats to deliver malicious files within an organization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file; no public proof-of-concept is known, but memory corruption vulnerabilities are often exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest update as per Autodesk advisory; check specific version in vendor links.

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Visit Autodesk's support page for updates.
2. Download and install the latest patch for your AutoCAD version.
3. Verify installation via the application's about or help menu.

🔧 Temporary Workarounds

Block SLDPRT file extensions

Platform: all

Prevent opening of SLDPRT files in AutoCAD by blocking the file extension at the system or network level.

🧯 If You Can't Patch

  • Restrict user permissions to limit code execution impact, e.g., run AutoCAD with reduced privileges.
  • Implement application whitelisting to prevent unauthorized executables from running post-exploit.

🔍 How to Verify

Check if Vulnerable:

Check if AutoCAD version is older than the patched release listed in the Autodesk advisory.

Check Version:

In AutoCAD, go to Help > About or check the application properties in the system.

Verify Fix Applied:

Confirm the installed version matches or exceeds the patched version from the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawns from AutoCAD, crashes, or errors related to SLDPRT file parsing in application logs.

Network Indicators:

  • File downloads of SLDPRT files from untrusted sources, especially via email or web links.

SIEM Query:

Example: 'process:AutoCAD AND (event:crash OR file_extension:sldprt)'
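
The log indicators above, turned into a small correlation rule. This is an added example, not part of the advisory or any Autodesk tooling. It assumes AutoCAD and AutoCAD LT run as acad.exe and acadlt.exe on Windows; the JSON event schema, the child-process list, the 300-second window and the sample events are constructed for illustration.

```python
import json
import ntpath

# Assumptions (not from the advisory): AutoCAD / AutoCAD LT run as acad.exe /
# acadlt.exe on Windows; the event schema and child-process list are hypothetical.
AUTOCAD = {"acad.exe", "acadlt.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe", "rundll32.exe"}
WINDOW_SECONDS = 300  # how long after an SLDPRT open an event counts as related

# Constructed sample telemetry, one JSON event per line, ordered by time.
SAMPLE_EVENTS = r"""
{"ts": 1000, "host": "ws1", "type": "file_open", "image": "C:\\Apps\\acad.exe", "path": "C:\\Users\\a\\Downloads\\bracket.SLDPRT"}
{"ts": 1012, "host": "ws1", "type": "process_create", "parent_image": "C:\\Apps\\acad.exe", "image": "C:\\Windows\\System32\\powershell.exe"}
{"ts": 1100, "host": "ws2", "type": "app_crash", "image": "C:\\Apps\\acad.exe"}
{"ts": 1200, "host": "ws2", "type": "process_create", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\powershell.exe"}
{"ts": 2000, "host": "ws3", "type": "file_open", "image": "C:\\Apps\\acadlt.exe", "path": "D:\\inbox\\part.sldprt"}
{"ts": 2030, "host": "ws3", "type": "app_crash", "image": "C:\\Apps\\acadlt.exe"}
{"ts": 5000, "host": "ws1", "type": "process_create", "parent_image": "C:\\Apps\\acad.exe", "image": "C:\\Windows\\System32\\cmd.exe"}
"""

def _name(path):
    """Lower-cased file name of a Windows path (empty string if missing)."""
    return ntpath.basename(path or "").lower()

def detect(lines):
    last_open = {}  # host -> (timestamp, path) of the latest SLDPRT opened in AutoCAD
    alerts = []
    for line in filter(None, map(str.strip, lines)):
        ev = json.loads(line)
        host, ts, kind = ev["host"], ev["ts"], ev["type"]
        if kind == "file_open":
            if _name(ev["image"]) in AUTOCAD and ev["path"].lower().endswith(".sldprt"):
                last_open[host] = (ts, ev["path"])
            continue
        spawn = (kind == "process_create" and _name(ev.get("parent_image")) in AUTOCAD
                 and _name(ev["image"]) in SUSPICIOUS_CHILDREN)
        crash = kind == "app_crash" and _name(ev["image"]) in AUTOCAD
        opened = last_open.get(host)
        related = opened is not None and 0 <= ts - opened[0] <= WINDOW_SECONDS
        # A crash alone is noisy, so it only alerts when it follows an SLDPRT open.
        if not (spawn or (crash and related)):
            continue
        alerts.append({
            "host": host, "ts": ts,
            "reason": "suspicious child process" if spawn else "crash after SLDPRT open",
            "sldprt": opened[1] if related else None,
            "severity": "high" if spawn and related else "medium",
        })
    return alerts
```

Calling `detect(SAMPLE_EVENTS.splitlines())` raises three alerts on the sample data: the PowerShell child spawned 12 seconds after an SLDPRT open (high), the AutoCAD LT crash that follows an SLDPRT open, and a later `cmd.exe` child with no related file open (both medium).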
