CVE-2025-1431

7.8 HIGH

📋 TL;DR

A maliciously crafted SLDPRT file can trigger an out-of-bounds read in Autodesk AutoCAD while the file is being parsed. Successful exploitation could lead to application crashes, sensitive data disclosure, or arbitrary code execution. Users of affected AutoCAD versions are at risk.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
  • Autodesk AutoCAD LT
Versions: 2022 and potentially earlier versions (check vendor advisory)
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when opening malicious SLDPRT files. AutoCAD must be installed and used to open files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the AutoCAD process, potentially leading to full system compromise.

🟠

Likely Case

Application crashes and denial of service, with potential for limited data disclosure.

🟢

If Mitigated

No impact if malicious files are blocked or patched versions are used.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction: the victim must open a malicious SLDPRT file. No public exploit code is available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest AutoCAD 2022 updates (check specific version in vendor advisory)

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Open AutoCAD.
2. Navigate to Help > Check for Updates.
3. Install all available updates.
4. Verify installation by checking the version.

🔧 Temporary Workarounds

  • Block SLDPRT files (scope: all): configure email/web filters to block SLDPRT attachments and downloads.
  • User awareness training (scope: all): train users not to open SLDPRT files from untrusted sources.

🧯 If You Can't Patch

  • Restrict AutoCAD usage to trusted users only
  • Implement application whitelisting to prevent unauthorized AutoCAD execution

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against vendor advisory. If using AutoCAD 2022 without latest updates, assume vulnerable.

Check Version:

In AutoCAD: Help > About AutoCAD

Verify Fix Applied:

Verify AutoCAD version matches or exceeds patched version specified in vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • AutoCAD crash logs
  • Application error events in Windows Event Viewer

Network Indicators:

  • Downloads of SLDPRT files from untrusted sources

SIEM Query:

(EventID=1000 AND ProcessName='acad.exe') OR (FileExtension='.sldprt' AND Action='Download')
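The two clauses of the query above evaluated over constructed sample events, plus a host/time correlation (SLDPRT download followed by an acad.exe crash on the same host) as a higher-fidelity signal. This is an example added here, not code from the page's source; the field names Host and Time and the 30-minute window are assumptions.

```python
# Added example: mirrors the grouped SIEM query over constructed event records
# and adds a download-then-crash correlation per host. Field names are assumptions.
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Event = Dict[str, str]

def is_acad_crash(ev: Event) -> bool:
    """Windows Application log: Event ID 1000 (Application Error) raised by acad.exe."""
    return ev.get("EventID") == "1000" and ev.get("ProcessName", "").lower() == "acad.exe"

def is_sldprt_download(ev: Event) -> bool:
    """Proxy/web-filter record: an .sldprt file was actually downloaded (not blocked)."""
    return ev.get("FileExtension", "").lower() == ".sldprt" and ev.get("Action") == "Download"

def match_events(events: List[Event]) -> List[Event]:
    """(crash clause) OR (download clause), exactly as the parenthesised query groups them."""
    return [ev for ev in events if is_acad_crash(ev) or is_sldprt_download(ev)]

def correlate(events: List[Event], window_minutes: int = 30) -> List[Tuple[str, str, str]]:
    """Return (host, download_time, crash_time) where an SLDPRT download on a host is
    followed by an acad.exe crash on the same host within the window."""
    window = timedelta(minutes=window_minutes)
    downloads = [e for e in events if is_sldprt_download(e)]
    crashes = [e for e in events if is_acad_crash(e)]
    hits = []
    for d in downloads:
        d_time = datetime.fromisoformat(d["Time"])
        for c in crashes:
            c_time = datetime.fromisoformat(c["Time"])
            if c["Host"] == d["Host"] and d_time <= c_time <= d_time + window:
                hits.append((d["Host"], d["Time"], c["Time"]))
    return hits

# Constructed sample events (not real logs).
SAMPLE_EVENTS: List[Event] = [
    {"Time": "2025-01-10T09:00:00", "Host": "ws01", "FileExtension": ".sldprt", "Action": "Download"},
    {"Time": "2025-01-10T09:05:00", "Host": "ws01", "EventID": "1000", "ProcessName": "acad.exe"},
    {"Time": "2025-01-10T09:10:00", "Host": "ws02", "EventID": "1000", "ProcessName": "excel.exe"},
    {"Time": "2025-01-10T10:00:00", "Host": "ws02", "FileExtension": ".sldprt", "Action": "Block"},
    {"Time": "2025-01-10T11:00:00", "Host": "ws03", "EventID": "1001", "ProcessName": "acad.exe"},
    {"Time": "2025-01-10T12:00:00", "Host": "ws03", "FileExtension": ".dwg", "Action": "Download"},
    {"Time": "2025-01-10T13:00:00", "Host": "ws04", "EventID": "1000", "ProcessName": "acad.exe"},
]

if __name__ == "__main__":
    print("query matches:", len(match_events(SAMPLE_EVENTS)))   # 3
    print("correlated:", correlate(SAMPLE_EVENTS))              # ws01 only
```

The plain query alone fires on every acad.exe crash and every SLDPRT download; the correlation narrows triage to hosts where both occurred in sequence.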

🔗 References