CVE-2025-40739
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-08-21
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | solid_edge | to se2025 (inc) |
| siemens | solid_edge | se2025 |
| siemens | solid_edge | se2025 |
| siemens | solid_edge | se2025 |
| siemens | solid_edge | se2025 |
| siemens | solid_edge | se2025 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Solid Edge SE2025 (all versions before V225.0 Update 5) involves an out-of-bounds read past the end of an allocated structure when parsing specially crafted PAR files. This means the software reads memory outside the intended boundary, which can lead to unexpected behavior. Exploiting this flaw could allow an attacker to execute arbitrary code within the context of the current process. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the same privileges as the Solid Edge process. This could lead to unauthorized actions such as data manipulation, system compromise, or disruption of normal operations. The vulnerability requires opening specially crafted PAR files, so opening untrusted files increases risk. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Solid Edge SE2025 to version V225.0 Update 5 or later. Avoid opening untrusted PAR files in the affected applications. Additionally, secure network access to devices running Solid Edge and follow Siemens' operational guidelines for Industrial Security to reduce risk. [1]