CVE-2025-1651

CVE-2025-1651 is a heap-based overflow vulnerability (CWE-122, CWE-787) in Autodesk AutoCAD, triggered by parsing a maliciously crafted MODEL file. The issue allows potential crashes, sensitive data exposure, or arbitrary code execution within the context of the affected process. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact with local access, low attack complexity, no privileges required, and user interaction needed.

A local attacker can exploit this vulnerability by convincing a user to open a specially crafted MODEL file in AutoCAD. Successful exploitation enables the attacker to cause application crashes, read sensitive information from memory, or execute arbitrary code with the privileges of the current user running AutoCAD, potentially leading to further system compromise if elevated privileges are present.

Autodesk's security advisory (ADSK-SA-2025-0001) addresses the issue, with patches available through the latest updates for AutoCAD and AutoCAD LT, including downloads for versions such as 2022 as noted in support resources. Security practitioners should advise users to apply these updates promptly and avoid opening untrusted MODEL files.