CVE-2025-1432
📋 TL;DR
A use-after-free in Autodesk AutoCAD's handling of 3DM files (the Rhino 3D model format) lets an attacker run arbitrary code by getting a user to open a crafted 3DM file. Anyone who opens untrusted 3D model files in an affected product is exposed. The code runs with the privileges of the user who opened the file, so where that user is a local administrator the result can be complete system compromise.
💻 Affected Systems
- Autodesk AutoCAD
- Autodesk AutoCAD LT
📦 What is this software?
- Advance Steel by Autodesk
- AutoCAD by Autodesk
- AutoCAD MEP by Autodesk
- Civil 3D by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with full privileges of the AutoCAD process, potentially leading to complete system takeover, data theft, or ransomware deployment.
Likely Case
Application crash or limited data leakage from memory, with potential for code execution in targeted attacks.
If Mitigated
No impact if patches are applied or if users avoid opening untrusted 3DM files.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Latest AutoCAD updates as referenced in Autodesk advisory ADSK-SA-2025-0001
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
Restart Required: No
Instructions:
1. Open AutoCAD.
2. Navigate to Help > Check for Updates.
3. Install all available updates.
4. Alternatively, download the latest version from Autodesk's official update page.
🔧 Temporary Workarounds
Disable 3DM file association (Windows)
Prevent AutoCAD from automatically opening 3DM files by changing the file association: Control Panel > Default Programs > Associate a file type or protocol with a program > change .3dm to open with Notepad or another safe application. This only stops double-click launching; a user can still open or import the file from inside AutoCAD, so pair it with the user-training item below.
Implement application allow-listing (all platforms)
Use an application control policy (for example AppLocker or Windows Defender Application Control on Windows) so that only trusted, signed executables can run. This does not prevent the use-after-free itself, but it limits what a successful exploit can launch afterwards, such as a dropped second-stage binary.
🧯 If You Can't Patch
- Implement strict user training to never open 3DM files from untrusted sources
- Deploy endpoint protection that can detect and block malicious 3DM files
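The workaround above keys on the .3dm extension, which a sender can simply rename. The following is an added example for this page (not Autodesk or openNURBS code) of identifying 3DM content by its header so a mail gateway, file-share scanner or EDR custom rule can quarantine it regardless of name. It assumes the openNURBS start section layout: a 32-byte header consisting of the 24-byte string "3D Geometry File Format " followed by the archive version as a right-aligned 8-character decimal; confirm that against the openNURBS source before deploying. The sample attachments are constructed, and the DWG stamp "AC1032" is used only as a non-3DM example.

```python
"""Content-based identification of 3DM (openNURBS / Rhino) files for a mail
gateway, file-share scanner or EDR custom rule.

Added example for this page, not Autodesk or openNURBS code. Assumes the
openNURBS start section: 24-byte magic "3D Geometry File Format " followed
by the archive version written as %8d (total 32 bytes). Verify against the
openNURBS source before relying on it.
"""
from typing import Dict, Optional

ON_3DM_MAGIC = b"3D Geometry File Format "   # 24 bytes (assumed openNURBS magic)
ON_3DM_HEADER_LEN = 32


def sniff_3dm_version(data: bytes) -> Optional[int]:
    """Return the 3DM archive version if `data` starts with a 3DM start
    section, or None if it is not a 3DM file or is truncated."""
    if len(data) < ON_3DM_HEADER_LEN or data[:24] != ON_3DM_MAGIC:
        return None
    version_field = data[24:ON_3DM_HEADER_LEN].strip(b" \x00")
    if not version_field.isdigit():
        return None
    return int(version_field)


def gateway_decision(filename: str, data: bytes) -> str:
    """Decide what to do with an inbound file.

    "block-3dm"      -> content is a 3DM model, whatever the extension says
    "block-mismatch" -> named .3dm but carries no 3DM header; treat as
                        suspicious rather than waving it through
    "allow"          -> neither
    """
    claims_3dm = filename.lower().endswith(".3dm")
    if sniff_3dm_version(data) is not None:
        return "block-3dm"
    if claims_3dm:
        return "block-mismatch"
    return "allow"


def make_3dm_header(version: int) -> bytes:
    """Build a constructed 3DM start section for testing (not a real model)."""
    return ON_3DM_MAGIC + b"%8d" % version + b"\x00" * 8


# Constructed sample attachments (not real files).
SAMPLES = {
    "part.3dm":      make_3dm_header(70) + b"\x00" * 64,
    "drawing.dwg":   b"AC1032" + b"\x00" * 64,           # DWG 2018 version stamp, not 3DM
    "renamed.dwg":   make_3dm_header(60) + b"\x00" * 64,  # 3DM content behind a .dwg name
    "truncated.3dm": ON_3DM_MAGIC[:10],                   # extension claims 3DM, header absent
    "notes.txt":     b"just text\n",
}


def scan_samples(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, str]:
    """Apply gateway_decision to every sample and return name -> decision."""
    return {name: gateway_decision(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, decision in scan_samples().items():
        print(f"{name:15s} {decision}")
```

This identifies the format, not maliciousness: the page gives no trigger details, so the only content-level control available is to keep 3DM files from external senders away from AutoCAD until the update is applied.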
🔍 How to Verify
Check if Vulnerable:
Compare the installed release and build number against the affected and fixed versions listed in Autodesk advisory ADSK-SA-2025-0001. If you are running AutoCAD 2022 or earlier, or any release that has not received the update referenced there, assume vulnerable.
Check Version:
In AutoCAD: Type 'ABOUT' command or check Help > About AutoCAD
Verify Fix Applied:
Confirm that the build number shown in Help > About AutoCAD matches or exceeds the fixed version listed in ADSK-SA-2025-0001 for your release, and that Help > Check for Updates reports no outstanding security updates.
📡 Detection & Monitoring
Log Indicators:
- AutoCAD crash logs with memory access violations
- Unexpected AutoCAD process termination events
- Security logs showing file access to 3DM files from untrusted locations
Network Indicators:
- Downloads of 3DM files from external sources
- Unusual outbound connections from AutoCAD process
SIEM Query:
(EventID=1000 OR EventID=1001) AND (ProcessName="acad.exe" OR ProcessName="acadlt.exe") AND ExceptionCode=0xC0000005
The parentheses matter: without them AND binds tighter than OR and the query returns every Event ID 1000 regardless of process. 0xC0000005 is an access violation, the way a use-after-free usually surfaces; other codes such as 0xC0000409 (fast-fail) point to a different bug class. acadlt.exe covers AutoCAD LT, listed as affected above.
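The detection logic above, run over constructed sample records, as an added example for this page (not Autodesk tooling or any vendor's SIEM content). Field names such as event_id, process_name and exception_code are assumptions about how a SIEM normalises Windows Application log Event ID 1000 and 1001 entries; the trusted roots and the correlated opened_path field are assumed policy and enrichment, and acadlt.exe is included on the assumption that AutoCAD LT shares the parser. It shows the precedence bug in the query as originally written next to the corrected form, and escalates crashes that coincide with a 3DM file from an untrusted location.

```python
"""Crash-based detection for this advisory, run over constructed sample
records. Added example; field names are assumptions about SIEM
normalisation of Windows Event ID 1000 (Application Error) and 1001
(Windows Error Reporting) entries."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

AUTOCAD_PROCESSES = {"acad.exe", "acadlt.exe"}   # acadlt.exe assumed for AutoCAD LT
ACCESS_VIOLATION = 0xC0000005                    # STATUS_ACCESS_VIOLATION
CRASH_EVENT_IDS = {1000, 1001}
# Locations from which 3DM files are expected (assumed policy); anything else is untrusted.
TRUSTED_ROOTS = (PureWindowsPath(r"C:\Projects"), PureWindowsPath(r"D:\CAD"))


@dataclass
class AppEvent:
    event_id: int
    process_name: str
    exception_code: Optional[int]
    faulting_module: str
    opened_path: Optional[str] = None   # from file-access auditing, if correlated


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    AppEvent(1000, "acad.exe", 0xC0000005, "ntdll.dll", r"C:\Users\alice\Downloads\part.3dm"),
    AppEvent(1000, "acad.exe", 0xC0000409, "acad.exe"),        # fast-fail, different bug class
    AppEvent(1000, "chrome.exe", 0xC0000005, "chrome.dll"),     # access violation, but not AutoCAD
    AppEvent(1001, "ACADLT.EXE", 0xC0000005, "", r"\\share\inbound\model.3dm"),
    AppEvent(4688, "acad.exe", None, ""),                      # process creation, not a crash
]


def naive_match(e: AppEvent) -> bool:
    """The query exactly as first written on this page, read with normal
    precedence: AND binds tighter than OR, so every Event ID 1000 from any
    process matches."""
    return e.event_id == 1000 or (
        e.event_id == 1001
        and e.process_name.lower() in AUTOCAD_PROCESSES
        and e.exception_code == ACCESS_VIOLATION
    )


def corrected_match(e: AppEvent) -> bool:
    """(EventID=1000 OR EventID=1001) AND ProcessName IN (acad.exe, acadlt.exe)
    AND ExceptionCode=0xC0000005, with the grouping made explicit."""
    return (
        e.event_id in CRASH_EVENT_IDS
        and e.process_name.lower() in AUTOCAD_PROCESSES
        and e.exception_code == ACCESS_VIOLATION
    )


def is_untrusted_3dm(path: Optional[str]) -> bool:
    """True if `path` names a .3dm file outside the trusted roots."""
    if not path:
        return False
    p = PureWindowsPath(path)
    if p.suffix.lower() != ".3dm":
        return False
    return not any(p.is_relative_to(root) for root in TRUSTED_ROOTS)


def triage(events: List[AppEvent]) -> List[Tuple[AppEvent, List[str]]]:
    """Return (event, reasons) for every AutoCAD access violation, adding a
    second reason when it coincides with a 3DM file from an untrusted place."""
    hits = []
    for e in events:
        if not corrected_match(e):
            continue
        reasons = ["access violation in AutoCAD process"]
        if is_untrusted_3dm(e.opened_path):
            reasons.append("3DM file from untrusted location: " + e.opened_path)
        hits.append((e, reasons))
    return hits


if __name__ == "__main__":
    print("naive query matches:", sum(naive_match(e) for e in SAMPLE_EVENTS))
    for e, reasons in triage(SAMPLE_EVENTS):
        print(e.event_id, e.process_name, "|", "; ".join(reasons))
```

On the five constructed records the naive form matches four (three of them noise), while the corrected form matches only the two AutoCAD access violations, both of which are escalated because the crash coincides with a 3DM file from outside the trusted roots.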