CVE-2025-1432
HIGHDescription
A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Is your site exposed to CVE-2025-1432?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| autodesk | autocad |
| autodesk | autocad |
| autodesk | autocad |
| autodesk | autocad |
| autodesk | autocad_architecture |
| autodesk | autocad_architecture |
| autodesk | autocad_architecture |
| autodesk | autocad_architecture |
| autodesk | autocad_electrical |
| autodesk | autocad_electrical |
| autodesk | autocad_electrical |
| autodesk | autocad_electrical |
| autodesk | autocad_mechanical |
| autodesk | autocad_mechanical |
| autodesk | autocad_mechanical |
| autodesk | autocad_mechanical |
| autodesk | autocad_mep |
| autodesk | autocad_mep |
| autodesk | autocad_mep |
| autodesk | autocad_mep |
| autodesk | autocad_plant_3d |
| autodesk | autocad_plant_3d |
| autodesk | autocad_plant_3d |
| autodesk | autocad_plant_3d |
| autodesk | civil_3d |
| autodesk | civil_3d |
| autodesk | civil_3d |
| autodesk | civil_3d |
| autodesk | advance_steel |
| autodesk | advance_steel |
| autodesk | advance_steel |
| autodesk | advance_steel |
| autodesk | autocad_map_3d |
| autodesk | autocad_map_3d |
| autodesk | autocad_map_3d |
| autodesk | autocad_map_3d |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-1432? +
How severe is CVE-2025-1432? +
What products are affected by CVE-2025-1432? +
How do I check if I'm vulnerable to CVE-2025-1432? +
Related Vulnerabilities
Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.7.0, a soundness bug in the …
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the …
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the …
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in …
Use-after-free vulnerability in ESET Linux products potentially allowed an attacker to trigger kernel panic on the system
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice …