CVE-2025-40762
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-20
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | simcenter_femap | From 2406.0000 (inc) to 2406.0003 (exc) |
| siemens | simcenter_femap | From 2412.0000 (inc) to 2412.0002 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-40762 is an out-of-bounds write vulnerability in Siemens Simcenter Femap versions prior to V2406.0003 and V2412.0002. It occurs when the application parses a specially crafted STP file, allowing an attacker to write outside the intended memory boundaries. This flaw can enable the attacker to execute arbitrary code within the context of the current process if a malicious STP file is opened.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the user running Simcenter Femap. This could lead to unauthorized actions such as data manipulation, system compromise, or further attacks within your environment if a malicious STP file is processed.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Simcenter Femap to version V2406.0003 or V2412.0002 or later. As a workaround, avoid opening untrusted STP files in the affected applications. Additionally, follow general security recommendations such as protecting network access and configuring environments according to Siemens' Industrial Security operational guidelines. [1]