CVE-2025-1652

Q: What is the severity of CVE-2025-1652?

CVE-2025-1652 has a CVSS score of 7.8 (HIGH). This CVE describes an out-of-bounds read vulnerability in Autodesk AutoCAD when parsing malicious MODEL files. Attackers can exploit this to crash the application, read sensitive memory data, or potentially execute arbitrary code. All AutoCAD users who open untrusted MODEL files are affected.

7.8 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Autodesk AutoCAD when parsing malicious MODEL files. Attackers can exploit this to crash the application, read sensitive memory data, or potentially execute arbitrary code. All AutoCAD users who open untrusted MODEL files are affected.

💻 Affected Systems

Products:

Autodesk AutoCAD

Versions: Specific versions not detailed in references; likely multiple recent versions based on typical Autodesk vulnerability patterns

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability triggers when opening malicious MODEL files; AutoCAD installations with default settings are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or lateral movement within the network.

🟠

Likely Case

Application crashes and potential information disclosure through memory reads, disrupting workflow and exposing sensitive data.

🟢

If Mitigated

Limited to denial of service through crashes if memory protections prevent code execution.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious file; memory corruption vulnerabilities can be challenging to weaponize reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest AutoCAD updates as referenced in Autodesk security advisory

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001

Restart Required: No

Instructions:

1. Open AutoCAD. 2. Navigate to Help > Check for Updates. 3. Install all available updates. 4. Alternatively, download latest version from Autodesk website.

🔧 Temporary Workarounds

Restrict MODEL file handling

all

Configure AutoCAD to open MODEL files only from trusted sources using application restrictions or group policies.

🧯 If You Can't Patch

Implement application whitelisting to prevent unauthorized AutoCAD execution
Educate users to never open MODEL files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check AutoCAD version against patched versions listed in Autodesk security advisory ADSK-SA-2025-0001

Check Version:

In AutoCAD: Help > About AutoCAD

Verify Fix Applied:

Verify AutoCAD version matches or exceeds patched version from Autodesk advisory

📡 Detection & Monitoring

Log Indicators:

AutoCAD crash logs with memory access violations
Unexpected MODEL file access patterns

Network Indicators:

Unusual MODEL file downloads to AutoCAD workstations

SIEM Query:

Process:AutoCAD.exe AND (EventID:1000 OR ExceptionCode:c0000005)

📊 Metadata

CVE ID: CVE-2025-1652

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

EPSS Score: 0.08% exploit probability (24th percentile)

Published: March 13, 2025

Last Updated: August 19, 2025

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Advance Steel by Autodesk

Advance Steel by Autodesk

Advance Steel by Autodesk

Advance Steel by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Architecture by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Electrical by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Map 3d by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mechanical by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Mep by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Autocad Plant 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

Civil 3d by Autodesk

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict MODEL file handling

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities