CVE-2025-1430

High

Published: 13 March 2025

Published

13 March 2025

Modified

19 August 2025

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0029 52.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1430 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Autodesk Autocad. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 47.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of identified flaws, directly requiring patching of the AutoCAD memory corruption vulnerability via Autodesk updates.

SI-16 Memory Protection good match

prevent

Implements memory safeguards like DEP and ASLR to block arbitrary code execution from memory corruption during SLDPRT file parsing in AutoCAD.

SI-3 Malicious Code Protection partial match

preventdetect

Deploys malicious code protection to scan and quarantine crafted SLDPRT files before user interaction in vulnerable AutoCAD instances.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Memory corruption in AutoCAD SLDPRT parser enables RCE on file open, mapping directly to client-side exploitation (T1203) and user execution of malicious file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Deeper analysisAI

CVE-2025-1430 is a memory corruption vulnerability (CWE-120, CWE-787) affecting Autodesk AutoCAD when parsing a maliciously crafted SLDPRT file. Published on 2025-03-13 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), it allows a malicious actor to trigger the issue during file processing, potentially leading to arbitrary code execution in the context of the AutoCAD process.

The vulnerability requires local access to the target system with low attack complexity but demands user interaction, such as convincing a user to open the malicious SLDPRT file in AutoCAD. No privileges are needed beforehand. Successful exploitation enables the attacker to execute arbitrary code with the privileges of the current user running AutoCAD, potentially compromising the system through high impacts on confidentiality, integrity, and availability.

Autodesk has published security advisory ADSK-SA-2025-0001 addressing this issue, with updates available for AutoCAD and AutoCAD LT. Users can download the latest updates from Autodesk's support pages, such as those for AutoCAD 2022, via Autodesk Access.

Details

CWE(s): CWE-120 CWE-787

Affected Products

autodesk

autocad

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

autodesk

autocad architecture

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

autodesk

autocad electrical

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

autodesk

autocad mechanical

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

autodesk

autocad mep

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

autodesk

autocad plant 3d

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

autodesk

civil 3d

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

autodesk

advance steel

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

autodesk

autocad map 3d

2022 — 2022.1.6 · 2023 — 2023.1.7 · 2024 — 2024.1.7

CVEs Like This One

CVE-2025-1429Same product: Autodesk Advance Steel

CVE-2025-1427Same product: Autodesk Advance Steel

CVE-2025-1650Same product: Autodesk Advance Steel

CVE-2025-1433Same product: Autodesk Advance Steel

CVE-2025-1431Same product: Autodesk Advance Steel

CVE-2025-1649Same product: Autodesk Advance Steel

CVE-2025-1428Same product: Autodesk Advance Steel

CVE-2025-1432Same product: Autodesk Advance Steel

CVE-2025-1651Same product: Autodesk Advance Steel

CVE-2026-0874Same product: Autodesk Advance Steel

References

https://www.autodesk.com/products/autodesk-access/overview
psirt@autodesk.com
https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html
psirt@autodesk.com
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001
Vendor Advisory · psirt@autodesk.com