CVE-2025-1651
Published: 13 March 2025
Summary
CVE-2025-1651 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Autodesk Autocad Mechanical. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 47.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 mandates timely identification, reporting, and remediation of software flaws, directly mitigated by applying Autodesk patches for the heap overflow in AutoCAD's MODEL file parser.
SI-16 enforces memory protections like ASLR and DEP that prevent unauthorized code execution and data exposure from heap overflow exploitation.
SI-10 requires validation of information inputs, addressing malformed MODEL files that trigger the parsing overflow vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a heap-based buffer overflow triggered specifically by parsing a maliciously crafted MODEL file in AutoCAD, requiring user interaction to open the file. This directly enables the Malicious File sub-technique under User Execution for achieving arbitrary code execution.
NVD Description
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current…
more
process.
Deeper analysisAI
CVE-2025-1651 is a heap-based overflow vulnerability (CWE-122, CWE-787) in Autodesk AutoCAD, triggered by parsing a maliciously crafted MODEL file. The issue allows potential crashes, sensitive data exposure, or arbitrary code execution within the context of the affected process. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact with local access, low attack complexity, no privileges required, and user interaction needed.
A local attacker can exploit this vulnerability by convincing a user to open a specially crafted MODEL file in AutoCAD. Successful exploitation enables the attacker to cause application crashes, read sensitive information from memory, or execute arbitrary code with the privileges of the current user running AutoCAD, potentially leading to further system compromise if elevated privileges are present.
Autodesk's security advisory (ADSK-SA-2025-0001) addresses the issue, with patches available through the latest updates for AutoCAD and AutoCAD LT, including downloads for versions such as 2022 as noted in support resources. Security practitioners should advise users to apply these updates promptly and avoid opening untrusted MODEL files.
Details
- CWE(s)