CVE-2025-1433 is a high-severity vulnerability classified as an Out-of-Bounds (OOB) Read (CWE-125) affecting Autodesk AutoCAD versions 2022 through 2025. The vulnerability arises when AutoCAD parses a specially crafted MODEL file. An attacker can exploit this flaw by supplying a malicious MODEL file that triggers an out-of-bounds read operation. This can lead to multiple adverse effects: causing the application to crash (denial of service), leaking sensitive memory contents, or potentially enabling arbitrary code execution within the context of the AutoCAD process. The vulnerability requires local access (Attack Vector: Local) and user interaction (UI:R), but no privileges (PR:N) are needed to exploit it. The CVSS v3.1 base score is 7.8, indicating a high severity level, with impacts on confidentiality, integrity, and availability (all rated high). The vulnerability scope is unchanged (S:U), meaning the exploit affects only the vulnerable component without extending to other system components. Although no known exploits are reported in the wild yet, the potential for code execution elevates the risk profile. The lack of available patches at the time of reporting suggests that affected organizations must rely on mitigation strategies until official fixes are released. The vulnerability is particularly critical because AutoCAD is widely used in engineering, architecture, and design sectors, where sensitive intellectual property and project data are handled. An attacker exploiting this vulnerability could gain unauthorized access to sensitive design data or disrupt critical workflows by crashing the application or executing malicious code.

For European organizations, the impact of CVE-2025-1433 could be significant, especially in industries relying heavily on AutoCAD for design and engineering tasks, such as manufacturing, construction, automotive, aerospace, and infrastructure development. Confidentiality breaches could expose proprietary designs and intellectual property, leading to competitive disadvantages or regulatory compliance issues under GDPR if personal data is indirectly involved. Integrity and availability impacts could disrupt project timelines and operational continuity, causing financial losses and reputational damage. Given the high integration of AutoCAD in European industrial sectors, exploitation could also affect supply chains and critical infrastructure projects. The requirement for local access and user interaction somewhat limits remote exploitation, but phishing or social engineering attacks could be used to trick users into opening malicious MODEL files. The absence of known exploits in the wild currently reduces immediate risk but does not preclude future targeted attacks. Organizations involved in sensitive or critical projects should consider this vulnerability a priority for risk management.

1. Implement strict controls on the source and integrity of MODEL files before opening them in AutoCAD, including verifying file origins and using digital signatures where possible. 2. Educate users on the risks of opening unsolicited or unexpected MODEL files, emphasizing caution with email attachments and downloads. 3. Employ application whitelisting and sandboxing techniques to limit the impact of potential exploitation, isolating AutoCAD processes from critical system components. 4. Monitor AutoCAD application behavior for crashes or unusual activity that could indicate exploitation attempts. 5. Restrict local user permissions to the minimum necessary to reduce the attack surface, preventing unauthorized file execution or modification. 6. Maintain up-to-date backups of critical design data to enable recovery in case of disruption. 7. Stay alert for official patches or updates from Autodesk and apply them promptly once available. 8. Consider deploying endpoint detection and response (EDR) solutions capable of detecting anomalous memory access patterns or code execution attempts within AutoCAD.