CVE-2025-1433

7.8 HIGH

📋 TL;DR

CVE-2025-1433 is an out-of-bounds read vulnerability in Autodesk AutoCAD that allows attackers to craft malicious MODEL files to cause crashes, read sensitive data, or execute arbitrary code. This affects AutoCAD users who open untrusted MODEL files. The vulnerability requires user interaction to open a malicious file.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
  • Autodesk AutoCAD LT
Versions: Specific versions not detailed in references; check Autodesk advisory for affected versions.
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All AutoCAD installations that process MODEL files are vulnerable unless patched.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the same privileges as the AutoCAD process, potentially leading to full system compromise.

🟠 Likely Case: Application crashes and potential information disclosure through memory reads.

🟢 If Mitigated: Limited impact with proper file handling policies and user awareness.

🌐 Internet-Facing: LOW - Requires user to download and open malicious file.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via email or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file; no known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Autodesk security advisory ADSK-SA-2025-0001 for specific patched versions.

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Visit Autodesk's support page for updates.
2. Download and install the latest AutoCAD update.
3. Verify installation through AutoCAD's About dialog.

🔧 Temporary Workarounds

Restrict MODEL file handling (applies to: all)

Configure AutoCAD to not automatically open MODEL files from untrusted sources.

User awareness training (applies to: all)

Train users to only open MODEL files from trusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to restrict AutoCAD execution.
  • Use network segmentation to isolate AutoCAD systems from critical assets.

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against Autodesk's security advisory for affected versions.

Check Version:

In AutoCAD, go to Help > About AutoCAD to view version details.

Verify Fix Applied:

Verify AutoCAD version matches or exceeds the patched version listed in the advisory.

📡 Detection & Monitoring

Log Indicators:

  • AutoCAD crash logs with memory access violations
  • Unexpected MODEL file processing events

Network Indicators:

  • Downloads of MODEL files from untrusted sources

SIEM Query:

EventID=1000 Source=AutoCAD AND ExceptionCode=0xC0000005
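The query above is written in generic SIEM shorthand. On Windows, Event ID 1000 is logged by the source "Application Error", and the faulting binary and exception code appear in the event message text rather than in the Source field, so a concrete detector has to parse the message. The script below is an added example, not part of this advisory page or of any Autodesk tooling: it applies the page's rule (Event 1000, AutoCAD process, exception code 0xC0000005) to constructed sample events. The executable names acad.exe and acadlt.exe are assumptions about the AutoCAD and AutoCAD LT process names, and the event records are made up for illustration.

```python
import re
from dataclasses import dataclass

# Process names assumed for AutoCAD and AutoCAD LT (not stated on the page).
WATCHED_APPS = {"acad.exe", "acadlt.exe"}
# STATUS_ACCESS_VIOLATION, the exception code named in the page's SIEM query.
ACCESS_VIOLATION = 0xC0000005

# Field patterns for the message text of a Windows "Application Error" event.
_APP_RE = re.compile(r"Faulting application name:\s*([^,\n]+)", re.IGNORECASE)
_CODE_RE = re.compile(r"Exception code:\s*(0x[0-9a-f]+)", re.IGNORECASE)
_PATH_RE = re.compile(r"Faulting application path:\s*(.+)", re.IGNORECASE)

# Constructed sample events in the shape of Windows Application log entries.
SAMPLE_EVENTS = [
    {  # AutoCAD access violation: should match
        "EventID": 1000, "Source": "Application Error",
        "Message": "Faulting application name: acad.exe, version: 24.3.0.0\n"
                   "Faulting module name: acad.exe, version: 24.3.0.0\n"
                   "Exception code: 0xc0000005\n"
                   "Faulting application path: C:\\Program Files\\Autodesk\\AutoCAD\\acad.exe",
    },
    {  # AutoCAD LT access violation: should match
        "EventID": 1000, "Source": "Application Error",
        "Message": "Faulting application name: acadlt.exe, version: 24.3.0.0\n"
                   "Exception code: 0xc0000005\n"
                   "Faulting application path: C:\\Program Files\\Autodesk\\AutoCAD LT\\acadlt.exe",
    },
    {  # AutoCAD crash with a managed (.NET) exception code: not an access violation
        "EventID": 1000, "Source": "Application Error",
        "Message": "Faulting application name: acad.exe, version: 24.3.0.0\n"
                   "Exception code: 0xe0434352\n"
                   "Faulting application path: C:\\Program Files\\Autodesk\\AutoCAD\\acad.exe",
    },
    {  # Unrelated process with the same exception code: wrong application
        "EventID": 1000, "Source": "Application Error",
        "Message": "Faulting application name: notepad.exe, version: 10.0.0.0\n"
                   "Exception code: 0xc0000005\n"
                   "Faulting application path: C:\\Windows\\System32\\notepad.exe",
    },
    {  # Windows Error Reporting follow-up event: wrong Event ID
        "EventID": 1001, "Source": "Windows Error Reporting",
        "Message": "Fault bucket, type 0\nEvent Name: APPCRASH\nP1: acad.exe",
    },
]


@dataclass
class CrashHit:
    app: str
    exception_code: int
    path: str


def parse_app_error(message: str):
    """Extract faulting app, exception code and path from an Event 1000 message.
    Returns None when the required fields are absent."""
    app = _APP_RE.search(message)
    code = _CODE_RE.search(message)
    if not app or not code:
        return None
    path = _PATH_RE.search(message)
    return CrashHit(
        app=app.group(1).strip().lower(),
        exception_code=int(code.group(1), 16),
        path=path.group(1).strip() if path else "",
    )


def is_autocad_access_violation(event: dict) -> bool:
    """The page's rule: Event ID 1000, AutoCAD process, exception 0xC0000005."""
    if event.get("EventID") != 1000:
        return False
    hit = parse_app_error(event.get("Message", ""))
    return (hit is not None
            and hit.app in WATCHED_APPS
            and hit.exception_code == ACCESS_VIOLATION)


def find_hits(events):
    """Return a CrashHit for every event that satisfies the rule."""
    return [parse_app_error(e["Message"]) for e in events
            if is_autocad_access_violation(e)]


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print(f"AutoCAD access violation: {hit.app} ({hit.exception_code:#010x}) at {hit.path}")
```

A single hit is only a crash, which has benign causes; what matters for this CVE is correlating a hit with a MODEL file opened shortly before (the "unexpected MODEL file processing events" indicator above), and a burst of such crashes on one host after a file download is the pattern worth escalating.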
