CVE-2025-1652
Published: 13 March 2025
Summary
CVE-2025-1652 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Autodesk AutoCAD. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks in the top 40.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires timely remediation of the out-of-bounds read flaw in AutoCAD by applying vendor patches from Autodesk advisory ADSK-SA-2025-0001.
Implements memory protections like ASLR and DEP to mitigate exploitation of the out-of-bounds read for sensitive data disclosure or arbitrary code execution.
Enables vulnerability scanning to identify unpatched AutoCAD instances affected by CVE-2025-1652, triggering remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is triggered when a user opens a maliciously crafted MODEL file in AutoCAD. This maps directly to T1204.002 Malicious File under User Execution, with the outcome being arbitrary code execution, information disclosure, or a crash.
NVD Description
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Deeper analysis
CVE-2025-1652 is an Out-of-Bounds Read vulnerability (CWE-125) affecting Autodesk AutoCAD. The issue arises when AutoCAD parses a maliciously crafted MODEL file, potentially leading to a crash, disclosure of sensitive data, or arbitrary code execution in the context of the current process. Published on 2025-03-13, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H).
The vulnerability has a local attack vector and low attack complexity, requires no privileges, and relies on user interaction: the victim must open the malicious MODEL file. An attacker can exploit it to crash the application, read sensitive information from memory, or execute arbitrary code in the context of the AutoCAD process.
Autodesk's security advisory (ADSK-SA-2025-0001) addresses the vulnerability, with patches available through Autodesk Access and specific update downloads for AutoCAD and AutoCAD LT 2022 via support articles. Security practitioners should apply these updates promptly to mitigate risks.
Details
- CWE(s)