OTPulse

Multiple File Parsing Vulnerabilities in Solid Edge

Plan Patch | CVSS 7.8 | SSA-541582 | Oct 14, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Solid Edge SE2024 and SE2025 contain multiple file parsing vulnerabilities in the handling of PRT (part) files. When a user opens a specially crafted PRT file, the application fails to properly validate file content, allowing a buffer overflow (CWE-787) or out-of-bounds read (CWE-125). This could result in an application crash or arbitrary code execution on the engineer's workstation.

What this means
What could happen
An attacker could crash Solid Edge or run arbitrary code by sending a specially crafted PRT file to an engineer. This could disrupt design and engineering workflows, but does not directly affect running industrial equipment.
Who's at risk
Engineering and design teams using Solid Edge for equipment design and documentation. This affects CAD workstations running Solid Edge SE2024 or SE2025. Manufacturing facilities that rely on Solid Edge for equipment design, asset management, and compliance documentation should ensure their design teams are protected.
How it could be exploited
An attacker crafts a malicious PRT (Solid Edge part) file and tricks an engineer into opening it within Solid Edge. The application parses the file without proper bounds checking, leading to a buffer overflow that allows code execution on the engineer's workstation.
Prerequisites
  • User interaction required - engineer must open the malicious PRT file
  • Solid Edge application must be installed on the target workstation
  • Attacker must be able to deliver the file (email, USB, file share, etc.)
  • Low complexity attack
  • User interaction required (reduces risk)
  • Buffer overflow vulnerability
  • Affects design workstations used for critical equipment design
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Solid Edge SE2024 | All versions < V224.0 Update 14 | 224.0 Update 14
Solid Edge SE2025 | All versions < V225.0 Update 6 | 225.0 Update 6
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Solid Edge SE2024
HOTFIX: Update Solid Edge SE2024 to version 224.0 Update 14 or later
Solid Edge SE2025
HOTFIX: Update Solid Edge SE2025 to version 225.0 Update 6 or later
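
To find which CAD workstations still need the updates listed above, the following added example (not code from the advisory or the vendor) classifies a software inventory against the fixed versions. The CSV layout and hostnames are constructed, and treating a version string with no "Update N" part as the base release is an assumption.

```python
import csv
import io
import re

# Fixed releases from the advisory table: major version -> (product, first fixed update).
FIXED = {224: ("Solid Edge SE2024", 14), 225: ("Solid Edge SE2025", 6)}

# Accepts the advisory's notation, e.g. "V224.0 Update 14" or "225.0 Update 6".
# Assumption: a string with no "Update N" part is the base release (update 0).
VERSION_RE = re.compile(r"^\s*V?(\d+)\.\d+(?:\s+Update\s+(\d+))?\s*$", re.IGNORECASE)

def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable' for one version string."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "unparseable"  # needs manual review, never assume it is patched
    major, update = int(m.group(1)), int(m.group(2) or 0)
    if major not in FIXED:
        return "not-listed"  # release line this advisory does not cover
    return "fixed" if update >= FIXED[major][1] else "affected"

def triage(inventory_csv):
    """Map each host in a host,version CSV to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in reader}

# Constructed sample inventory (hostnames and export format are assumptions).
SAMPLE = """host,version
cad-ws-01,224.0 Update 13
cad-ws-02,V224.0 Update 14
cad-ws-03,225.0
cad-ws-04,225.0 Update 6
cad-ws-05,223.0 Update 12
cad-ws-06,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unparseable" or "not-listed" are not confirmed safe and should be checked by hand.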