CVE-2025-1652 — Out-of-bounds Read in Advance Steel

CWE-125 — Out-of-bounds Read CWE-416 — Use After Free6 documents6 sources

Severity

7.8HIGHNVD

CISA9.8

EPSS

0.1%

top 75.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Advance Steel Autodesk Autocad Autodesk Autocad Architecture +6 more

Timeline

PublishedMar 13

Description

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages18 packages

▶CVEListV5autodesk/autocad2025 — 2025.1.2+3

▶NVDautodesk/autocad2022 — 2022.1.6+3

▶CVEListV5autodesk/autocad_mep2025 — 2025.1.2+3

▶NVDautodesk/autocad_mep2022 — 2022.1.6+3

▶CVEListV5autodesk/autocad_map_3d2025 — 2025.1.2+3

🔴Vulnerability Details

CVEList

MODEL File Parsing Out-of-Bounds Read Vulnerability↗2025-03-13

▶

GHSA

GHSA-rrcm-jcf5-7g58: A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability↗2025-03-13

▶

📋Vendor Advisories

CISA

Paessler PRTG Network Monitor Local File Inclusion Vulnerability↗2025-02-04

▶

Microsoft

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a ↗2023-03-14

▶

💬Community

Bugzilla

CVE-2023-1652 Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c↗2023-03-27

▶

External resources

NVD MITRE

Affected products9

Autodesk Advance Steel≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Autodesk Autocad≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Autodesk Autocad Architecture≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Autodesk Autocad Electrical≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Autodesk Autocad MAP 3D≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Autodesk Autocad Mechanical≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Autodesk Autocad MEP≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Autodesk Autocad Plant 3D≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Autodesk Civil 3D≥ 2025, < 2025.1.2≥ 2024, < 2024.1.7≥ 2023, < 2023.1.7+1 more

Disclosure

PublishedMar 13, 2025