CVE-2025-1652 is an out-of-bounds read vulnerability classified under CWE-125 affecting Autodesk AutoCAD versions 2022 through 2025. The vulnerability is triggered when AutoCAD parses a specially crafted MODEL file, which causes the software to read memory outside the intended bounds. This memory corruption can lead to application crashes, unauthorized disclosure of sensitive information, or arbitrary code execution within the context of the AutoCAD process. The vulnerability requires user interaction, specifically opening or importing a malicious MODEL file, but does not require any prior privileges, making it accessible to remote attackers who can convince users to open such files. The CVSS v3.1 score of 7.8 reflects high severity, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). While no public exploits have been reported yet, the nature of the vulnerability and the widespread use of AutoCAD in critical industries make it a significant risk. The lack of available patches at the time of disclosure necessitates immediate risk mitigation strategies. The vulnerability could be exploited to disrupt business operations, steal intellectual property, or gain persistent footholds in affected environments.

The impact of CVE-2025-1652 is substantial for organizations relying on Autodesk AutoCAD for design and engineering workflows. Successful exploitation can lead to denial of service through application crashes, exposure of sensitive design data, and execution of arbitrary code that could compromise the host system. This can result in intellectual property theft, operational disruption, and potential lateral movement within corporate networks. Given AutoCAD’s extensive use in sectors such as architecture, construction, manufacturing, and infrastructure, the vulnerability poses risks to critical projects and sensitive designs. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where MODEL files are frequently exchanged or downloaded from external sources. The high confidentiality and integrity impact could lead to loss of competitive advantage or regulatory compliance issues. Additionally, availability impacts could delay project timelines and increase costs.

Until official patches are released, organizations should implement several targeted mitigations: 1) Restrict MODEL file handling by enforcing strict policies on file sources, including blocking or quarantining MODEL files from untrusted or external origins. 2) Educate users to avoid opening MODEL files from unknown or suspicious sources and to verify file authenticity before use. 3) Employ application whitelisting and sandboxing techniques to limit AutoCAD’s ability to execute arbitrary code or access sensitive system resources. 4) Monitor AutoCAD process behavior for anomalies such as unexpected crashes or unusual memory access patterns. 5) Use endpoint detection and response (EDR) tools to detect potential exploitation attempts. 6) Maintain up-to-date backups of critical design files to mitigate the impact of potential data corruption or loss. 7) Once patches become available, prioritize their deployment across all affected AutoCAD versions. 8) Collaborate with Autodesk support channels for any interim security advisories or workarounds.