CVE-2025-1651

7.8 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in Autodesk AutoCAD allows attackers to craft malicious MODEL files that can crash the application, leak sensitive data, or execute arbitrary code when opened. This affects AutoCAD users who open untrusted MODEL files. The vulnerability requires user interaction to open a malicious file.

💻 Affected Systems

Products:
  • Autodesk AutoCAD
  • Autodesk AutoCAD LT
Versions: 2022 and earlier versions (specific affected versions detailed in vendor advisory)
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations that process MODEL files are vulnerable by default. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the AutoCAD process, potentially leading to full system compromise, data theft, or lateral movement.

🟠 Likely Case: Application crash or denial of service when opening malicious files, with potential for limited data leakage from memory.

🟢 If Mitigated: No impact if users only open trusted files from verified sources and have proper security controls.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open a malicious file, not directly exposed via network services.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files via email, shared drives, or social engineering.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious MODEL file and convincing a user to open it. No authentication bypass needed but requires user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest updates for AutoCAD 2022 and earlier (specific version numbers in vendor advisory)

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Open AutoCAD.
2. Navigate to Help > Check for Updates.
3. Download and install the latest security update.
4. Verify installation by checking version number.

🔧 Temporary Workarounds

Restrict MODEL file execution

all

Block or restrict opening of .model files from untrusted sources using application control or file extension policies.

User awareness training

all

Train users to only open MODEL files from trusted sources and verify file integrity before opening.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized AutoCAD instances
  • Use email filtering and web proxies to block malicious MODEL file attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against affected versions listed in Autodesk security advisory ADSK-SA-2025-0001

Check Version:

In AutoCAD: Help > About AutoCAD > Product Information

Verify Fix Applied:

Verify AutoCAD version matches or exceeds the patched version specified in the vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with heap corruption errors
  • Unexpected AutoCAD process termination
  • Security event logs showing file access to suspicious MODEL files

Network Indicators:

  • Downloads of MODEL files from untrusted sources
  • Network traffic patterns indicating data exfiltration after file opening

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName='acad.exe' AND (FaultModuleName LIKE '%heap%' OR ExceptionCode=0xC0000005)
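
The filter above applied to crash records, as an added example that is not part of the original page: it parses the message text of Windows Application Error events and evaluates the event-ID test as one group together with the process and fault conditions. The sample events are constructed, the module names exampleheap.dll and example.dll are hypothetical, and records in another layout (such as Event ID 1001 reports) yield empty fields and do not match.

```python
import re

# Field patterns for the message layout of the Windows "Application Error"
# event (Event ID 1000). Assumption: the log source delivers this text.
FIELDS = {
    "ProcessName": re.compile(r"^Faulting application name:\s*([^,\r\n]+)", re.I | re.M),
    "FaultModuleName": re.compile(r"^Faulting module name:\s*([^,\r\n]+)", re.I | re.M),
    "ExceptionCode": re.compile(r"^Exception code:\s*(0x[0-9a-f]+)", re.I | re.M),
}

def parse_fields(message):
    """Extract the three fields the query filters on; missing ones become ''."""
    found = {}
    for name, pattern in FIELDS.items():
        match = pattern.search(message)
        found[name] = match.group(1).strip() if match else ""
    return found

def is_suspect_crash(event_id, message):
    """(EventID 1000 or 1001) AND acad.exe AND (heap module OR access violation)."""
    if event_id not in (1000, 1001):
        return False
    fields = parse_fields(message)
    if fields["ProcessName"].lower() != "acad.exe":
        return False
    try:
        code = int(fields["ExceptionCode"], 16)  # numeric compare ignores hex letter case
    except ValueError:
        code = None
    return "heap" in fields["FaultModuleName"].lower() or code == 0xC0000005

def scan(events):
    """Return the indexes of events that satisfy the filter."""
    return [i for i, (eid, msg) in enumerate(events) if is_suspect_crash(eid, msg)]

def sample(app, module, code):
    # Builds a constructed message; versions, time stamps and offsets are dummies.
    return (f"Faulting application name: {app}, version: 0.0.0.0, time stamp: 0x00000000\n"
            f"Faulting module name: {module}, version: 0.0.0.0, time stamp: 0x00000000\n"
            f"Exception code: {code}\nFault offset: 0x0000000000000000")

SAMPLE_EVENTS = [  # constructed test data, not real telemetry
    (1000, sample("acad.exe", "ntdll.dll", "0xc0000005")),        # match: access violation
    (1000, sample("notepad.exe", "ntdll.dll", "0xc0000005")),     # other process
    (1000, sample("ACAD.EXE", "exampleheap.dll", "0xe06d7363")),  # match: module name has "heap"
    (1000, sample("acad.exe", "example.dll", "0xe06d7363")),      # neither fault condition
    (4624, "An account was successfully logged on."),             # unrelated event ID
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```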
