Common Weakness Enumeration

CWE-125

Allowed

Out-of-bounds Read

Abstraction: Base · Status: Draft

The product reads data past the end, or before the beginning, of the intended buffer.

11273 vulnerabilities reference this CWE, most recent first.

CVE-2025-1658 (GCVE-0-2025-1658)

Vulnerability from cvelistv5 – Published: 2025-04-01 12:27 – Updated: 2026-02-26 18:29
VLAI
Title
DWFX File Parsing Out-of-Bounds Read Vulnerability
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk Navisworks Freedom Affected: 2025 , < 2025.5 (custom)
    cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Autodesk Navisworks Simulate Affected: 2025 , < 2025.5 (custom)
    cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Autodesk Navisworks Manage Affected: 2025 , < 2025.5 (custom)
    cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1658",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T03:55:28.368698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:29:05.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Freedom",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.5",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.5",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.5",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-Bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T13:13:21.792Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DWFX File Parsing Out-of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2025-1658",
    "datePublished": "2025-04-01T12:27:24.602Z",
    "dateReserved": "2025-02-24T20:15:53.141Z",
    "dateUpdated": "2026-02-26T18:29:05.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1652 (GCVE-0-2025-1652)

Vulnerability from cvelistv5 – Published: 2025-03-13 16:51 – Updated: 2026-02-26 19:09
VLAI
Title
MODEL File Parsing Out-of-Bounds Read Vulnerability
Summary
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1652",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T03:55:30.971954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:31.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-Bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T13:12:43.604Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MODEL File Parsing Out-of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2025-1652",
    "datePublished": "2025-03-13T16:51:36.291Z",
    "dateReserved": "2025-02-24T19:20:23.915Z",
    "dateUpdated": "2026-02-26T19:09:31.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1433 (GCVE-0-2025-1433)

Vulnerability from cvelistv5 – Published: 2025-03-13 16:51 – Updated: 2025-08-19 12:56
VLAI
Title
MODEL File Parsing Out-of-Bounds Read Vulnerability
Summary
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1433",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T19:36:31.756658Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T19:36:44.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-Bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T12:56:16.723Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "MODEL File Parsing Out-of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2025-1433",
    "datePublished": "2025-03-13T16:51:06.105Z",
    "dateReserved": "2025-02-18T14:22:17.563Z",
    "dateUpdated": "2025-08-19T12:56:16.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1431 (GCVE-0-2025-1431)

Vulnerability from cvelistv5 – Published: 2025-03-13 16:48 – Updated: 2026-02-26 19:09
VLAI
Title
SLDPRT File Parsing Out-of-Bounds Read Vulnerability
Summary
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T03:55:39.258425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:33.641Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-Bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T12:50:43.475Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SLDPRT File Parsing Out-of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2025-1431",
    "datePublished": "2025-03-13T16:48:51.554Z",
    "dateReserved": "2025-02-18T14:22:15.667Z",
    "dateUpdated": "2026-02-26T19:09:33.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1428 (GCVE-0-2025-1428)

Vulnerability from cvelistv5 – Published: 2025-03-13 16:46 – Updated: 2026-02-26 19:09
VLAI
Title
CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability
Summary
A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Autodesk AutoCAD Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Architecture Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Electrical Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Mechanical Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MEP Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD Plant 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Civil 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk Advance Steel Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Create a notification for this product.
Autodesk AutoCAD MAP 3D Affected: 2025 , < 2025.1.2 (custom)
Affected: 2024 , < 2024.1.7 (custom)
Affected: 2023 , < 2023.1.7 (custom)
Affected: 2022 , < 2022.1.6 (custom)
    cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T03:55:25.617929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:34.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "AutoCAD MAP 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2025.1.2",
              "status": "affected",
              "version": "2025",
              "versionType": "custom"
            },
            {
              "lessThan": "2024.1.7",
              "status": "affected",
              "version": "2024",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.1.7",
              "status": "affected",
              "version": "2023",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.1.6",
              "status": "affected",
              "version": "2022",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-Bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T12:49:25.168Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2025-1428",
    "datePublished": "2025-03-13T16:46:22.348Z",
    "dateReserved": "2025-02-18T14:22:12.740Z",
    "dateUpdated": "2026-02-26T19:09:34.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1400 (GCVE-0-2025-1400)

Vulnerability from cvelistv5 – Published: 2025-05-07 07:04 – Updated: 2025-05-07 14:02
VLAI
Title
Out-of-bounds Read in libplctag library
Summary
Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
libplctag libplctag Affected: 2.0 , ≤ 2.6.3 (semver)
Create a notification for this product.
Credits
Gabriele Quagliarella
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1400",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T13:45:40.778148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T14:02:31.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/libplctag/libplctag",
          "defaultStatus": "unaffected",
          "modules": [
            "unpack_response"
          ],
          "packageName": "libplctag",
          "product": "libplctag",
          "programFiles": [
            "conn.c"
          ],
          "repo": "https://github.com/libplctag/libplctag",
          "vendor": "libplctag",
          "versions": [
            {
              "lessThanOrEqual": "2.6.3",
              "status": "affected",
              "version": "2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gabriele Quagliarella"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Out-of-bounds Read vulnerability in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eunpack_response (conn.c) in\u003c/span\u003e libplctag \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 2.0 through 2.6.3 allows O\u003c/span\u003everread Buffers via network."
            }
          ],
          "value": "Out-of-bounds Read vulnerability in\u00a0unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-540",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-540 Overread Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T07:04:29.943Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-1400"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To fix this issue, it\u0027s suggested to update libplctag to v2.6.4\u003cbr\u003e"
            }
          ],
          "value": "To fix this issue, it\u0027s suggested to update libplctag to v2.6.4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-bounds Read in libplctag library",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2025-1400",
    "datePublished": "2025-05-07T07:04:29.943Z",
    "dateReserved": "2025-02-17T16:14:04.871Z",
    "dateUpdated": "2025-05-07T14:02:31.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1399 (GCVE-0-2025-1399)

Vulnerability from cvelistv5 – Published: 2025-05-07 07:04 – Updated: 2025-05-07 14:02
VLAI
Title
Out-of-bounds Read in libplctag library
Summary
Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
libplctag libplctag Affected: 2.0 , ≤ 2.6.3 (semver)
Create a notification for this product.
Credits
Gabriele Quagliarella
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1399",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T13:45:44.147089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T14:02:39.411Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/libplctag/libplctag",
          "defaultStatus": "unaffected",
          "modules": [
            "unpack_response"
          ],
          "packageName": "libplctag",
          "product": "libplctag",
          "programFiles": [
            "session.c"
          ],
          "repo": "https://github.com/libplctag/libplctag",
          "vendor": "libplctag",
          "versions": [
            {
              "lessThanOrEqual": "2.6.3",
              "status": "affected",
              "version": "2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gabriele Quagliarella"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Out-of-bounds Read vulnerability in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eunpack_response (session.c) in\u003c/span\u003e libplctag \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 2.0 through 2.6.3 allows O\u003c/span\u003everread Buffers via network."
            }
          ],
          "value": "Out-of-bounds Read vulnerability in\u00a0unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-540",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-540 Overread Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T07:04:10.708Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-1399"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To fix this issue, it\u0027s suggested to update libplctag to v2.6.4\u003cbr\u003e"
            }
          ],
          "value": "To fix this issue, it\u0027s suggested to update libplctag to v2.6.4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-bounds Read in libplctag library",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2025-1399",
    "datePublished": "2025-05-07T07:04:10.708Z",
    "dateReserved": "2025-02-17T16:14:03.977Z",
    "dateUpdated": "2025-05-07T14:02:39.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1254 (GCVE-0-2025-1254)

Vulnerability from cvelistv5 – Published: 2025-05-08 08:32 – Updated: 2025-12-16 16:14
VLAI
Title
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.
Summary
Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
RTI
References
Impacted products
Vendor Product Version
RTI Connext Professional Affected: 7.4.0 , < 7.5.0 (custom)
Affected: 7.0.0 , < 7.3.0.7 (custom)
Affected: 6.1.0 , < 6.1.2.23 (custom)
Affected: 6.0.0 , < 6.0.1.42 (custom)
Create a notification for this product.
Date Public
2025-05-06 19:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1254",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T13:54:50.480897Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T13:55:52.753Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Recording Service"
          ],
          "packageName": "connext_professional",
          "packageURL": "pkg:generic/connext_professional",
          "product": "Connext Professional",
          "vendor": "RTI",
          "versions": [
            {
              "lessThan": "7.5.0",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.2.23",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.1.42",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.5.0",
                  "versionStartIncluding": "7.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.3.0.7",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.2.23",
                  "versionStartIncluding": "6.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.1.42",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                }
              ],
              "negated": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-05-06T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.\u003cp\u003eThis issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42.\u003c/p\u003e"
            }
          ],
          "value": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        },
        {
          "capecId": "CAPEC-540",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-540 Overread Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Security Extensions Enabled"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T16:14:07.918Z",
        "orgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
        "shortName": "RTI"
      },
      "references": [
        {
          "url": "https://www.rti.com/vulnerabilities/#cve-2025-1254"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Recording Service) allows Overflow Buffers, Overread Buffers.",
      "x_generator": {
        "engine": "RTI Lubna 1.14.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3f572a00-62e2-4423-959a-7ea25eff1638",
    "assignerShortName": "RTI",
    "cveId": "CVE-2025-1254",
    "datePublished": "2025-05-08T08:32:43.287Z",
    "dateReserved": "2025-02-12T15:31:57.062Z",
    "dateUpdated": "2025-12-16T16:14:07.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0911 (GCVE-0-2025-0911)

Vulnerability from cvelistv5 – Published: 2025-02-11 19:58 – Updated: 2025-02-12 15:36
VLAI
Title
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25957.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
zdi
References
Impacted products
Date Public
2025-01-31 22:07
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T20:27:03.362837Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:36:38.639Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PDF-XChange Editor",
          "vendor": "PDF-XChange",
          "versions": [
            {
              "status": "affected",
              "version": "10.4.4.392"
            }
          ]
        }
      ],
      "dateAssigned": "2025-01-30T20:36:57.570Z",
      "datePublic": "2025-01-31T22:07:27.768Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25957."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T19:58:33.626Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-066",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-066/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Anonymous"
      },
      "title": "PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-0911",
    "datePublished": "2025-02-11T19:58:33.626Z",
    "dateReserved": "2025-01-30T20:36:57.517Z",
    "dateUpdated": "2025-02-12T15:36:38.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0909 (GCVE-0-2025-0909)

Vulnerability from cvelistv5 – Published: 2025-02-11 19:58 – Updated: 2025-02-11 20:54
VLAI
Title
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25678.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
zdi
References
Impacted products
Date Public
2025-01-31 22:06
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T20:54:32.562208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T20:54:36.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "PDF-XChange Editor",
          "vendor": "PDF-XChange",
          "versions": [
            {
              "status": "affected",
              "version": "10.4.3.391"
            }
          ]
        }
      ],
      "dateAssigned": "2025-01-30T20:36:49.192Z",
      "datePublic": "2025-01-31T22:06:53.954Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25678."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T19:58:09.870Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-25-064",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-064/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Rocco Calvi (@TecR0c) with TecSecurity"
      },
      "title": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2025-0909",
    "datePublished": "2025-02-11T19:58:09.870Z",
    "dateReserved": "2025-01-30T20:36:49.145Z",
    "dateUpdated": "2025-02-11T20:54:36.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Architecture and Design

Strategy: Language Selection

Use a language that provides appropriate memory abstractions.

CAPEC-540: Overread Buffers

An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.