Summary
Autodesk Inc. has resolved 22 high-severity security vulnerabilities affecting AutoCAD, Civil 3D, Advance Steel, and DWG TrueView products. If exploited, these vulnerabilities could allow an attacker to execute arbitrary code on affected systems, access sensitive data, and/or make a user’s software or device unavailable.
Risk
Vulnerability community impact estimate: MEDIUM/YELLOW (63.84/100)¹.
Type
- Arbitrary Code Execution
- Denial of Service
- Arbitrary File Write/Read
- Information Disclosure
- Security Restrictions Bypass
Affected products and/or versions
Autodesk
- AutoCAD 2024, versions prior to 2024.1.6
- AutoCAD Architecture 2024, versions prior to 2024.1.6
- AutoCAD Electrical 2024, versions prior to 2024.1.6
- AutoCAD Mechanical 2024, versions prior to 2024.1.6
- AutoCAD MEP 2024, versions prior to 2024.1.6
- AutoCAD Plant 3D 2024, versions prior to 2024.1.6
- Civil 3D 2024, versions prior to 2024.1.6
- Advance Steel 2024, versions prior to 2024.1.6
- AutoCAD 2025, versions prior to 2025.1.1
- AutoCAD Architecture 2025, versions prior to 2025.1.1
- AutoCAD Electrical 2025, versions prior to 2025.1.1
- AutoCAD Mechanical 2025, versions prior to 2025.1.1
- AutoCAD MEP 2025, versions prior to 2025.1.1
- AutoCAD Plant 3D 2025, versions prior to 2025.1.1
- AutoCAD LT 2025, versions prior to 2025.1.1
- Civil 3D 2025, versions prior to 2025.1.1
- Advance Steel 2025, versions prior to 2025.1.1
- DWG TrueView 2025, versions prior to 2025.1.1
Mitigation Actions
In line with vendor statements, it is recommended that vulnerable products be updated according to the security bulletins listed in the References section.
Unique Vulnerability Identifiers
References
https://www.autodesk.com/trust/security-advisories
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0020
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021
¹ This estimate takes several parameters into account, including CVSS, the availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.