Use of Uninitialized Variable

CVE-2025-1650

High

7.8/10

Summary

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-457 - Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

References

Advisory Timeline

Published Mar 13, 2025

Use of Uninitialized Variable

CVE-2025-1650

Summary

CWE-457 - Use of Uninitialized Variable

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS