CVE-2025-1656: Heap Overflow in Autodesk App via Malicious PDF
CVE-2025-1656 Published on April 15, 2025

PDF File Parsing Heap-based Overflow Vulnerability
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-1656 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2025-1656

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-1656 are published in these products:

AutoDesk Revit

AutoDesk Autocad

AutoDesk Autocad Lt

AutoDesk Autocad Architecture

AutoDesk Autocad Electrical

AutoDesk Autocad Map 3d

AutoDesk Autocad Mechanical

AutoDesk Autocad Mep

AutoDesk Autocad Plant 3d

AutoDesk Civil 3d

AutoDesk Advance Steel

Affected Versions

Autodesk Revit:

Version 2025 and below 2025.4.1 is affected.
Version 2024 and below 2024.3.2 is affected.
Version 2023 and below 2023.1.7 is affected.

Autodesk AutoCAD:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD LT:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD Architecture:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD Electrical:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD MAP 3D:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD Mechanical:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD MEP:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk AutoCAD Plant 3D:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk Civil 3D:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Autodesk Advance Steel:

Version 2025 and below 2025.1.3 is affected.
Version 2024 and below 2024.1.8 is affected.
Version 2023 and below 2023.1.8 is affected.

Exploit Probability

EPSS

0.07%

Percentile

20.78%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2025-1656: Heap Overflow in Autodesk App via Malicious PDFCVE-2025-1656 Published on April 15, 2025

Vulnerability Analysis

Weakness Type

Heap-based Buffer Overflow

Products Associated with CVE-2025-1656

Affected Versions

Exploit Probability

CVE-2025-1656: Heap Overflow in Autodesk App via Malicious PDF
CVE-2025-1656 Published on April 15, 2025