CVE-2025-5047: CWE-457: Use of Uninitialized Variable in Autodesk AutoCAD

Severity: High
Published: Fri Aug 15 2025 (08/15/2025, 14:37:49 UTC)
Source: CVE Database V5
Vendor/Project: Autodesk
Product: AutoCAD

Description

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

AI-Powered Analysis

Last updated: 09/26/2025, 00:22:11 UTC

Technical Analysis

CVE-2025-5047 is a high-severity vulnerability identified in Autodesk AutoCAD versions 2023 through 2026. The root cause is the use of an uninitialized variable (CWE-457) when parsing DGN files, a file format commonly used for CAD drawings. An attacker can craft a malicious DGN file that triggers this vulnerability during parsing. Exploitation can lead to a range of impacts including application crashes (denial of service), unauthorized reading of sensitive memory contents, or even arbitrary code execution within the context of the AutoCAD process. The vulnerability requires local access to open a malicious DGN file, and user interaction is necessary to trigger the parsing. The CVSS 3.1 base score is 7.8, reflecting high severity with high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L), attack complexity is low (AC:L), no privileges are required (PR:N), but user interaction is needed (UI:R). The vulnerability scope is unchanged (S:U), meaning the impact is limited to the vulnerable component. While no known exploits are reported in the wild yet, the potential for exploitation exists given the ability to execute arbitrary code. AutoCAD is widely used in engineering, architecture, and construction sectors, making this vulnerability significant for organizations relying on CAD workflows.

Potential Impact

For European organizations, the impact of CVE-2025-5047 can be substantial. AutoCAD is extensively used across multiple industries including manufacturing, civil engineering, architecture, and infrastructure development. Exploitation could lead to unauthorized disclosure of sensitive design data, intellectual property theft, or disruption of critical design processes. This could result in financial losses, reputational damage, and delays in project delivery. Additionally, arbitrary code execution could be leveraged as a foothold for further network compromise, especially in environments where AutoCAD is integrated with other enterprise systems. Given the high confidentiality and integrity impact, organizations handling sensitive or regulated design data (e.g., defense contractors, infrastructure firms) are particularly at risk. The requirement for user interaction means phishing or social engineering could be used to deliver malicious DGN files, increasing the risk of targeted attacks.

Mitigation Recommendations

1. Immediate application of security patches once Autodesk releases them is critical; organizations should monitor Autodesk advisories closely.
2. Until patches are available, restrict the opening of DGN files from untrusted or unknown sources. Implement file validation and sandboxing mechanisms to isolate AutoCAD processes handling external files.
3. Employ endpoint protection solutions capable of detecting anomalous behavior or exploitation attempts within AutoCAD processes.
4. Conduct user awareness training focused on the risks of opening unsolicited or suspicious CAD files, emphasizing the importance of verifying file sources.
5. Use application whitelisting and privilege restrictions to limit AutoCAD’s ability to execute arbitrary code or access sensitive system resources.
6. Network segmentation should be enforced to contain potential breaches originating from compromised workstations running AutoCAD.
7. Regularly audit and monitor logs for unusual AutoCAD activity or crashes that could indicate exploitation attempts.

Technical Details

Data Version: 5.1
Assigner Short Name: autodesk
Date Reserved: 2025-05-21T13:01:06.314Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 689f4893ad5a09ad006dc692

Added to database: 8/15/2025, 2:47:47 PM

Last enriched: 9/26/2025, 12:22:11 AM

Last updated: 9/29/2025, 12:09:24 AM
