UAF Vulnerability in Autodesk AutoCAD 3DM Parser
CVE-2025-1432 Published on March 13, 2025

3DM File Parsing Use-After-Free Vulnerability
A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-1432 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2025-1432 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2025-1432

Want to know whenever a new CVE is published for AutoDesk products? stack.watch will email you.

AutoDesk Autocad
 
AutoDesk Autocad Architecture
 
AutoDesk Autocad Electrical
 
AutoDesk Autocad Mechanical
 
AutoDesk Autocad Mep
 
AutoDesk Autocad Plant 3d
 
AutoDesk Civil 3d
 
AutoDesk Advance Steel
 
AutoDesk Autocad Map 3d
 

Affected Versions

Autodesk AutoCAD: Autodesk AutoCAD Architecture: Autodesk AutoCAD Electrical: Autodesk AutoCAD Mechanical: Autodesk AutoCAD MEP: Autodesk AutoCAD Plant 3D: Autodesk Civil 3D: Autodesk Advance Steel: Autodesk AutoCAD MAP 3D:

Exploit Probability

EPSS
0.08%
Percentile
24.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.