OTPulse

Multiple Vulnerabilities in Solid Edge Before SE2025 Update 5

Plan Patch | CVSS 7.8 | SSA-091753 | Jul 8, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Solid Edge SE2025 versions before V225.0 Update 5 contain file parsing flaws in the handling of PAR and CFG files. When an engineer opens a specially crafted file, an out-of-bounds read (CWE-125) or buffer overflow (CWE-121) can crash the application or allow arbitrary code execution.

What this means
What could happen
An attacker could crash Solid Edge or execute arbitrary code on an engineering workstation by sending a specially crafted PAR or CFG file, potentially compromising design data or using the workstation as a pivot point into plant networks.
Who's at risk
Design and engineering teams using Solid Edge SE2025 on workstations for CAD design and manufacturing planning. This is primarily a risk to engineering departments and design offices that handle CAD files from external sources or untrusted channels.
How it could be exploited
An attacker sends a malicious PAR or CFG file to an engineer (via email, file share, or USB). When the engineer opens the file in Solid Edge, the application parses the file, triggers a buffer overflow or out-of-bounds read, and the attacker's code runs with the privileges of the engineering user.
Prerequisites
  • User interaction required: engineer must open the malicious file in Solid Edge
  • Attacker must have ability to deliver the file to the target (email, shared drive, USB, etc.)
  • User interaction required
  • Buffer overflow / out-of-bounds read vulnerability
  • Arbitrary code execution possible
  • Affects design data integrity
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Solid Edge SE2025 | All versions < V225.0 Update 5 | 225.0 Update 5
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Solid Edge SE2025 to version 225.0 Update 5 or later