Use-After-Free Vulnerability in Autodesk AutoCAD Products
CVE-2022-25789

7.8HIGH

Key Information:

Vendor

Autodesk
Status
Autodesk Advanced Steel, Civil 3d, Autocad, Autocad Lt, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d
Vendor
CVE Published:
11 April 2022

What is CVE-2022-25789?

A security flaw affecting Autodesk AutoCAD versions 2022, 2021, 2020, and 2019 allows attackers to exploit maliciously crafted DWF, 3DS, and DWFX files. When such files are processed, a use-after-free vulnerability is triggered, potentially enabling code execution by an unauthorized entity. This exposure emphasizes the importance of keeping software updated to mitigate risks associated with file handling.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D 2022.1.1

References

https://www.autodesk.com/trust/security-advisories/adsk-s...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.