CVE-2025-5048
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code on AutoCAD systems by tricking users into opening malicious DGN files. The vulnerability affects AutoCAD users who open untrusted DGN files, potentially leading to complete system compromise. Attackers can exploit this memory corruption flaw to gain the same privileges as the AutoCAD process.
💻 Affected Systems
- Autodesk AutoCAD
📦 What is this software?
- Advance Steel by Autodesk
- AutoCAD by Autodesk
- AutoCAD LT by Autodesk
- AutoCAD MEP by Autodesk
- Civil 3D by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with administrative privileges, data theft, ransomware deployment, and lateral movement across the network.
Likely Case
Local privilege escalation leading to data exfiltration, persistence establishment, and credential harvesting from the compromised system.
If Mitigated
Limited impact with application sandboxing or restricted user privileges, potentially only affecting the AutoCAD process itself.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file); no public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Autodesk advisory ADSK-SA-2025-0017 for specific patched versions
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0017
Restart Required: Yes
Instructions:
1. Open AutoCAD.
2. Navigate to Help > About.
3. Check for updates.
4. Download and install the latest security update from Autodesk.
5. Restart AutoCAD and verify the update.
🔧 Temporary Workarounds
Block DGN file extensions
Windows: Prevent AutoCAD from opening DGN files via Group Policy or application restrictions
Not applicable - configure via Group Policy or application settings
Run AutoCAD with restricted privileges
Windows: Execute AutoCAD with limited user permissions to reduce impact of successful exploitation
runas /user:standarduser "C:\Program Files\Autodesk\AutoCAD\acad.exe"
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized AutoCAD execution
- Educate users to never open DGN files from untrusted sources and implement email filtering for DGN attachments
🔍 How to Verify
Check if Vulnerable:
Check AutoCAD version against affected versions listed in Autodesk advisory ADSK-SA-2025-0017
Check Version:
In AutoCAD: Help > About, or check registry: HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\AutoCAD
Verify Fix Applied:
Verify AutoCAD version is updated to patched version specified in Autodesk advisory
📡 Detection & Monitoring
Log Indicators:
- AutoCAD crash logs with memory access violations
- Unexpected AutoCAD process spawning child processes
- File access to suspicious DGN files
Network Indicators:
- Outbound connections from AutoCAD process to unknown IPs
- DNS queries for command and control domains from AutoCAD
SIEM Query:
(Process:acad.exe AND EventID:1000) OR ParentImage:acad.exe OR (Process:acad.exe AND FilePath:*\*.dgn)
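The three log indicators above, applied to constructed sample events, as an added example that is not part of the original page or of Autodesk's advisory. The field names follow the page's SIEM query; the use of Sysmon event IDs 1 and 11 and every sample path are assumptions.

```python
import ntpath

# Constructed sample events (not real telemetry). Field names follow the page's
# SIEM query: Process, ParentImage, EventID, FilePath. EventID 1000 is the
# Windows Application Error event; IDs 1 and 11 are assumed Sysmon events.
SAMPLE_EVENTS = [
    {"EventID": 1000, "Process": r"C:\Program Files\Autodesk\AutoCAD\acad.exe"},
    {"EventID": 1, "Process": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Autodesk\AutoCAD\acad.exe"},
    {"EventID": 11, "Process": r"C:\Program Files\Autodesk\AutoCAD\ACAD.EXE",
     "FilePath": r"C:\Users\alice\Downloads\site-plan.DGN"},
    {"EventID": 1, "Process": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"EventID": 11, "Process": r"C:\Windows\explorer.exe",
     "FilePath": r"C:\Users\alice\Downloads\site-plan.dgn"},
    {"EventID": 1000, "Process": r"C:\Tools\notacad.exe"},
]

def _is_acad(path):
    """True when the image's file name is exactly acad.exe (case-insensitive)."""
    return bool(path) and ntpath.basename(path).lower() == "acad.exe"

def classify(event):
    """Return the list of page indicators this event matches."""
    hits = []
    proc = event.get("Process")
    # Indicator 1: AutoCAD crash (application error raised by acad.exe).
    if _is_acad(proc) and event.get("EventID") == 1000:
        hits.append("crash")
    # Indicator 2: any process whose parent is acad.exe.
    if _is_acad(event.get("ParentImage")):
        hits.append("child_process")
    # Indicator 3: acad.exe touching a .dgn file.
    if _is_acad(proc) and str(event.get("FilePath", "")).lower().endswith(".dgn"):
        hits.append("dgn_access")
    return hits

def triage(events):
    """Return (index, indicators) for every event that matches at least one rule."""
    return [(i, h) for i, e in enumerate(events) if (h := classify(e))]

if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS):
        print(idx, ",".join(hits))
```

Matching on the exact file name rather than a substring keeps look-alike binaries such as the constructed `notacad.exe` out of the results. Baseline the child processes AutoCAD starts in normal use before alerting on the second rule.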