CVE-2025-1649

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to craft malicious CATPRODUCT files that, when opened in Autodesk AutoCAD, can exploit an uninitialized variable to crash the application, read sensitive data, or execute arbitrary code. It affects AutoCAD users who open untrusted CATPRODUCT files. The vulnerability is rated CVSS 7.8 (High severity).

💻 Affected Systems

Products:
  • Autodesk AutoCAD
  • Autodesk AutoCAD LT
Versions: 2022 and earlier (specific versions detailed in vendor advisory)
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All AutoCAD installations that process CATPRODUCT files are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the same privileges as the AutoCAD process, potentially leading to full system compromise.

🟠 Likely Case

Application crash or denial of service, with potential for limited data exposure.

🟢 If Mitigated

No impact if patched or if users avoid opening untrusted CATPRODUCT files.

🌐 Internet-Facing: MEDIUM - Attackers could host malicious files online, but requires user interaction to open.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via email or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest AutoCAD 2022 updates (specific version in vendor advisory)

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Open AutoCAD.
2. Go to Help > Check for Updates.
3. Install all available updates.
4. Verify the version matches the patched release.

🔧 Temporary Workarounds

Block CATPRODUCT file extensions

Prevent AutoCAD from opening .CATPRODUCT files via group policy or application settings.

🧯 If You Can't Patch

  • Implement application whitelisting to block untrusted AutoCAD executions.
  • Educate users to never open CATPRODUCT files from untrusted sources.

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against patched versions listed in Autodesk advisory ADSK-SA-2025-0001.

Check Version:

In AutoCAD: type the ABOUT command, or check Help > About AutoCAD.

Verify Fix Applied:

Confirm AutoCAD version is updated to patched release and test with known safe CATPRODUCT files.

📡 Detection & Monitoring

Log Indicators:

  • AutoCAD crash logs with memory access violations
  • Unexpected process termination events in system logs

Network Indicators:

  • Downloads of CATPRODUCT files from untrusted sources
  • Unusual outbound connections after file opening

SIEM Query:

EventID=1000 OR EventID=1001 Source=AutoCAD.exe | search "access violation" OR "unhandled exception"
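As an added example that is not part of this advisory, the following PowerShell hunt implements the query above against the Windows Application log directly; it assumes AutoCAD's process names are acad.exe and acadlt.exe and that Event ID 1000 crash records carry the faulting module name.

```powershell
# Added example (not from the advisory): look for AutoCAD crashes in the Windows
# Application log that match the access-violation pattern described above.
# Assumptions: AutoCAD runs as acad.exe / acadlt.exe; 0xc0000005 is the
# STATUS_ACCESS_VIOLATION exception code reported by Event ID 1000.
param(
    [int]$Days = 7,
    [string[]]$Processes = @('acad.exe', 'acadlt.exe')
)

$filter = @{
    LogName   = 'Application'
    Id        = 1000, 1001        # 1000 = Application Error, 1001 = Windows Error Reporting
    StartTime = (Get-Date).AddDays(-$Days)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        $msg = $_.Message
        # Keep only events that name an AutoCAD process ...
        $hit = $Processes | Where-Object { $msg -match [regex]::Escape($_) }
        # ... and that look like a memory access violation or unhandled exception.
        $hit -and ($msg -match '0xc0000005|access violation|unhandled exception')
    } |
    ForEach-Object {
        # Event ID 1000 messages include "Faulting module name: <dll>"; surface it for triage.
        $module = if ($_.Message -match 'Faulting module name:\s*([^,\r\n]+)') { $Matches[1] } else { 'n/a' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Module  = $module
            Summary = ($_.Message -split "`r?`n")[0]
        }
    } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

Run it on the workstation in question or point it at remote hosts with Get-WinEvent's -ComputerName parameter; a cluster of hits shortly after a CATPRODUCT file was opened is the signal to pull the file for analysis.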

🔗 References
