CVE-2025-1431
Published: 13 March 2025
Summary
CVE-2025-1431 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Autodesk Autocad. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 40.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the out-of-bounds read vulnerability by requiring timely application of Autodesk patches for AutoCAD as detailed in the security advisory.
Implements memory protections such as ASLR and DEP that mitigate exploitation of the out-of-bounds read for arbitrary code execution or sensitive data disclosure.
Requires vulnerability scanning to identify unpatched AutoCAD installations affected by CVE-2025-1431, enabling prompt remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a client-side file parsing flaw in AutoCAD triggered by opening a malicious SLDPRT file, directly enabling exploitation for client code execution (T1203) via user execution of a malicious file (T1204.002).
NVD Description
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…
more
process.
Deeper analysisAI
CVE-2025-1431 is an Out-of-Bounds Read vulnerability (CWE-125) affecting Autodesk AutoCAD. The issue arises when AutoCAD parses a maliciously crafted SLDPRT file, potentially leading to a crash, disclosure of sensitive data, or arbitrary code execution in the context of the current process. Published on 2025-03-13, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
An attacker with local access can exploit this vulnerability by tricking a user into opening a specially crafted SLDPRT file in AutoCAD, requiring no privileges but relying on user interaction. Successful exploitation enables high-impact outcomes, including reading sensitive memory contents, modifying process behavior through code execution, or causing application denial of service via crashes, all within the user's process context.
Autodesk's security advisory (ADSK-SA-2025-0001) addresses the vulnerability, with patches and updates available through their support resources, such as the latest AutoCAD and AutoCAD LT 2022 downloads. Security practitioners should advise users to apply these updates promptly via Autodesk Access or the provided support articles.
Details
- CWE(s)