CVE-2025-1276

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.autodesk.com/products/autodesk-access/overview
https://www.autodesk.com/products/dwg-trueview/overview
https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:advance_steel::::::::
	cpe:2.3:a:autodesk:autocad::::::-::*
	cpe:2.3:a:autodesk:autocad::::::-::*
	cpe:2.3:a:autodesk:autocad::::::-::*
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_architecture::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_electrical::::::::
	cpe:2.3:a:autodesk:autocad_lt::::::-::*
	cpe:2.3:a:autodesk:autocad_lt::::::-::*
	cpe:2.3:a:autodesk:autocad_lt::::::-::*
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_map_3d::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mechanical::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_mep::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:autocad_plant_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:civil_3d::::::::
	cpe:2.3:a:autodesk:dwg_trueview::::::::
	cpe:2.3:a:autodesk:dwg_trueview::::::::
	cpe:2.3:a:autodesk:dwg_trueview::::::::
	cpe:2.3:a:autodesk:infrastructure_parts_editor::::::::
	cpe:2.3:a:autodesk:infrastructure_parts_editor::::::::
	cpe:2.3:a:autodesk:inventor::::::::
	cpe:2.3:a:autodesk:inventor::::::::
	cpe:2.3:a:autodesk:navisworks_manage::::::::
	cpe:2.3:a:autodesk:navisworks_manage::::::::
	cpe:2.3:a:autodesk:navisworks_simulate::::::::
	cpe:2.3:a:autodesk:navisworks_simulate::::::::
	cpe:2.3:a:autodesk:revit::::::::
	cpe:2.3:a:autodesk:revit::::::::
	cpe:2.3:a:autodesk:vault::::::::
	cpe:2.3:a:autodesk:vault::::::::

History

No history.

Information

Published : 2025-04-15 21:15

Updated : 2025-08-19 13:15

NVD link : CVE-2025-1276

Mitre link : CVE-2025-1276

CVE.ORG link : CVE-2025-1276

JSON object : View

Products Affected

autodesk

autocad_electrical
autocad_map_3d
vault
dwg_trueview
infrastructure_parts_editor
autocad
navisworks_manage
navisworks_simulate
autocad_mep
inventor
autocad_mechanical
autocad_plant_3d
autocad_architecture
advance_steel
revit
autocad_lt
civil_3d

CWE

CWE-787

Out-of-bounds Write

7.8 /10