CVE-2025-1650

7.8 HIGH

📋 TL;DR

A crafted CATPRODUCT file can cause Autodesk AutoCAD to use an uninitialized variable while parsing it. Successful exploitation could lead to a crash, disclosure of sensitive data, or arbitrary code execution in the context of the AutoCAD process. Any AutoCAD user who opens an untrusted CATPRODUCT file is affected.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
  • Autodesk AutoCAD LT
Versions: 2022 and earlier versions (specific versions detailed in vendor advisory)
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when opening malicious CATPRODUCT files; default AutoCAD installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the same privileges as the AutoCAD process, potentially leading to full system compromise.

🟠 Likely Case: Application crash or denial of service, with potential for limited data leakage.

🟢 If Mitigated: No impact if proper file handling controls and patching are implemented.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file; no public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest AutoCAD 2022 updates (specific version in vendor advisory)

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Open AutoCAD.
2. Navigate to Help > Check for Updates.
3. Install all available updates.
4. Verify installation by checking the version.

🔧 Temporary Workarounds

Restrict CATPRODUCT file handling (applies to: all)

Block or restrict opening of CATPRODUCT files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of malicious files.
  • Educate users to avoid opening CATPRODUCT files from unknown or untrusted sources.

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against affected versions listed in vendor advisory.

Check Version:

In AutoCAD, type ABOUT or check Help > About AutoCAD.

Verify Fix Applied:

Verify AutoCAD version is updated to latest patch version.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening CATPRODUCT files
  • Unusual file access patterns

Network Indicators:

  • Downloads of CATPRODUCT files from untrusted sources

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName='acad.exe' AND FileExtension='.CATPRODUCT'

The parentheses are required: most SIEM query languages bind AND more tightly than OR, so without them the rule matches every Event ID 1000 application crash from any process, not only AutoCAD crashes involving CATPRODUCT files.
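The following is an added example, not part of the advisory and not Autodesk code. It evaluates the SIEM rule above over constructed Windows Application-log style crash records, with the grouped form beside the ungrouped form so the precedence difference is visible in the hit counts. The field names `event_id`, `process_name` and `file_path` are assumptions that mirror the query's `EventID`, `ProcessName` and `FileExtension`; a native Windows Event ID 1000 record does not carry the open document's path, so the example assumes that field has been enriched into the event by the SIEM. The process name `acadlt.exe` for AutoCAD LT is likewise an assumption, included only to show that the rule as written does not cover it.

```python
# Added example (not from the advisory): evaluate the advisory's detection
# rule over constructed Windows Application-log style crash records.
# Field names are assumptions chosen to mirror the SIEM query's
# EventID / ProcessName / FileExtension; real SIEMs name them differently.
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class AppEvent:
    event_id: int       # Application log Event ID (1000 = Application Error, 1001 = WER report)
    process_name: str   # faulting process image name, e.g. acad.exe
    file_path: str      # document the process had open (assumed SIEM enrichment)


def file_extension(path: str) -> str:
    """Return the lower-cased extension including the dot, '' if there is none."""
    return PureWindowsPath(path).suffix.lower()


def matches_grouped(ev: AppEvent) -> bool:
    """(EventID=1000 OR EventID=1001) AND ProcessName='acad.exe' AND FileExtension='.CATPRODUCT'"""
    return (
        ev.event_id in (1000, 1001)
        and ev.process_name.lower() == "acad.exe"
        and file_extension(ev.file_path) == ".catproduct"
    )


def matches_ungrouped(ev: AppEvent) -> bool:
    """EventID=1000 OR (EventID=1001 AND ProcessName='acad.exe' AND FileExtension='.CATPRODUCT')

    This is how most query languages parse the rule when the parentheses are
    left out: every Event ID 1000 from any process matches, so it over-alerts.
    """
    return ev.event_id == 1000 or (
        ev.event_id == 1001
        and ev.process_name.lower() == "acad.exe"
        and file_extension(ev.file_path) == ".catproduct"
    )


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    AppEvent(1000, "acad.exe", r"C:\Users\alice\Downloads\invoice.CATPRODUCT"),   # crash on CATPRODUCT
    AppEvent(1001, "acad.exe", r"C:\Users\alice\Downloads\invoice.CATPRODUCT"),   # WER report for the same crash
    AppEvent(1000, "acad.exe", r"C:\Projects\site-plan.dwg"),                     # AutoCAD crash, unrelated file type
    AppEvent(1000, "excel.exe", r"C:\Users\bob\budget.xlsx"),                     # unrelated application crash
    AppEvent(1002, "acad.exe", r"C:\Users\alice\Downloads\part.catproduct"),      # application hang, not in the rule
    AppEvent(1001, "acadlt.exe", r"C:\Users\carol\assembly.CATPRODUCT"),          # assumed AutoCAD LT image name: not covered
]


def find_suspicious(events, rule=matches_grouped):
    """Return the events the given rule flags, in log order."""
    return [ev for ev in events if rule(ev)]


if __name__ == "__main__":
    grouped = find_suspicious(SAMPLE_EVENTS)
    ungrouped = find_suspicious(SAMPLE_EVENTS, matches_ungrouped)
    print(f"grouped rule:   {len(grouped)} hit(s)")
    print(f"ungrouped rule: {len(ungrouped)} hit(s), includes unrelated crashes")
```

Running it over the constructed records gives two hits for the grouped rule (the CATPRODUCT crash and its WER report) and four for the ungrouped one, because the two unrelated Event ID 1000 crashes leak in. The AutoCAD LT record shows that a rule pinned to `acad.exe` needs a second process name if LT is in scope, which the advisory lists as affected.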
