Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for SOLIDWORKS eDrawings by Dassault Systèmes

    CVE-2026-1335 (GCVE-0-2026-1335)

    Vulnerability from nvd – Published: 2026-02-16 13:36 – Updated: 2026-02-26 14:44
    VLAI
    Title
    Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1335",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:23.913446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:19.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-16T13:36:50.914Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1335"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1335",
        "datePublished": "2026-02-16T13:36:50.914Z",
        "dateReserved": "2026-01-22T08:11:00.363Z",
        "dateUpdated": "2026-02-26T14:44:19.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1334 (GCVE-0-2026-1334)

    Vulnerability from nvd – Published: 2026-02-16 13:36 – Updated: 2026-02-26 14:44
    VLAI
    Title
    Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1334",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:23.134147Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:20.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-16T13:36:41.632Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1334"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1334",
        "datePublished": "2026-02-16T13:36:41.632Z",
        "dateReserved": "2026-01-22T08:10:56.326Z",
        "dateUpdated": "2026-02-26T14:44:20.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1333 (GCVE-0-2026-1333)

    Vulnerability from nvd – Published: 2026-02-16 13:35 – Updated: 2026-02-26 14:44
    VLAI
    Title
    Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:22.391850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:20.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457 Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-16T13:35:51.031Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1333"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1333",
        "datePublished": "2026-02-16T13:35:51.031Z",
        "dateReserved": "2026-01-22T08:10:51.866Z",
        "dateUpdated": "2026-02-26T14:44:20.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1284 (GCVE-0-2026-1284)

    Vulnerability from nvd – Published: 2026-01-26 13:25 – Updated: 2026-02-26 15:04
    VLAI
    Title
    Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:30.341420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:51.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T08:24:00.221Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1284"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1284",
        "datePublished": "2026-01-26T13:25:12.900Z",
        "dateReserved": "2026-01-21T11:57:40.910Z",
        "dateUpdated": "2026-02-26T15:04:51.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1283 (GCVE-0-2026-1283)

    Vulnerability from nvd – Published: 2026-01-26 13:25 – Updated: 2026-02-26 15:04
    VLAI
    Title
    Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:31.095697Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:52.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T08:23:16.744Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1283"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1283",
        "datePublished": "2026-01-26T13:25:04.586Z",
        "dateReserved": "2026-01-21T11:57:34.125Z",
        "dateUpdated": "2026-02-26T15:04:52.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9450 (GCVE-0-2025-9450)

    Vulnerability from nvd – Published: 2025-09-17 06:13 – Updated: 2025-09-17 12:51
    VLAI
    Title
    Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:50:53.364662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:51:00.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
                }
              ],
              "value": "A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457 Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-17T06:13:25.958Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9450"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-9450",
        "datePublished": "2025-09-17T06:13:25.958Z",
        "dateReserved": "2025-08-25T14:10:46.630Z",
        "dateUpdated": "2025-09-17T12:51:00.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9449 (GCVE-0-2025-9449)

    Vulnerability from nvd – Published: 2025-09-17 06:13 – Updated: 2025-09-17 12:50
    VLAI
    Title
    Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9449",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:50:22.306988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:50:33.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
                }
              ],
              "value": "A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-17T06:13:08.090Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9449"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-9449",
        "datePublished": "2025-09-17T06:13:08.090Z",
        "dateReserved": "2025-08-25T14:10:43.713Z",
        "dateUpdated": "2025-09-17T12:50:33.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9447 (GCVE-0-2025-9447)

    Vulnerability from nvd – Published: 2025-09-17 06:12 – Updated: 2025-09-17 12:50
    VLAI
    Title
    Out-Of-Bounds Read affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:49:57.341376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:50:06.853Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
                }
              ],
              "value": "An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-17T06:12:58.127Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9447"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Read affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-9447",
        "datePublished": "2025-09-17T06:12:58.127Z",
        "dateReserved": "2025-08-25T14:10:36.576Z",
        "dateUpdated": "2025-09-17T12:50:06.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7042 (GCVE-0-2025-7042)

    Vulnerability from nvd – Published: 2025-07-15 15:04 – Updated: 2025-07-15 15:18
    VLAI
    Title
    Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:18:32.485443Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:18:44.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file."
                }
              ],
              "value": "Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:04:43.023Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-7042",
        "datePublished": "2025-07-15T15:04:43.023Z",
        "dateReserved": "2025-07-03T06:53:56.025Z",
        "dateUpdated": "2025-07-15T15:18:44.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6974 (GCVE-0-2025-6974)

    Vulnerability from nvd – Published: 2025-07-15 15:04 – Updated: 2025-07-15 15:20
    VLAI
    Title
    Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:20:40.017446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:20:51.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
                }
              ],
              "value": "Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457 Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:04:16.913Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6974"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6974",
        "datePublished": "2025-07-15T15:04:16.913Z",
        "dateReserved": "2025-07-01T13:14:23.199Z",
        "dateUpdated": "2025-07-15T15:20:51.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6973 (GCVE-0-2025-6973)

    Vulnerability from nvd – Published: 2025-07-15 15:03 – Updated: 2025-07-15 15:25
    VLAI
    Title
    Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:25:43.080276Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:25:55.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability exists in the JTfile reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
                }
              ],
              "value": "Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:03:51.740Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6973"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6973",
        "datePublished": "2025-07-15T15:03:51.740Z",
        "dateReserved": "2025-07-01T13:14:20.463Z",
        "dateUpdated": "2025-07-15T15:25:55.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6972 (GCVE-0-2025-6972)

    Vulnerability from nvd – Published: 2025-07-15 15:02 – Updated: 2025-07-15 15:28
    VLAI
    Title
    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:28:28.758761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:28:39.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file."
                }
              ],
              "value": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:02:42.714Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6972"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6972",
        "datePublished": "2025-07-15T15:02:42.714Z",
        "dateReserved": "2025-07-01T13:14:15.644Z",
        "dateUpdated": "2025-07-15T15:28:39.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6971 (GCVE-0-2025-6971)

    Vulnerability from nvd – Published: 2025-07-15 15:02 – Updated: 2025-07-15 15:30
    VLAI
    Title
    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:30:23.317496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:30:36.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file."
                }
              ],
              "value": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:02:05.556Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6971"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6971",
        "datePublished": "2025-07-15T15:02:05.556Z",
        "dateReserved": "2025-07-01T13:14:07.697Z",
        "dateUpdated": "2025-07-15T15:30:36.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0831 (GCVE-0-2025-0831)

    Vulnerability from nvd – Published: 2025-07-15 15:00 – Updated: 2025-07-15 20:45
    VLAI
    Title
    Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T20:44:54.323284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T20:45:04.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
                }
              ],
              "value": "Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:01:42.294Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-0831"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-0831",
        "datePublished": "2025-07-15T15:00:10.987Z",
        "dateReserved": "2025-01-29T12:04:23.816Z",
        "dateUpdated": "2025-07-15T20:45:04.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1884 (GCVE-0-2025-1884)

    Vulnerability from nvd – Published: 2025-05-02 15:03 – Updated: 2025-05-02 15:32
    VLAI
    Title
    Use-After-Free vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1884",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T15:26:09.843812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-02T15:32:37.751Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP1.2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file."
                }
              ],
              "value": "Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-02T15:03:25.073Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use-After-Free vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-1884",
        "datePublished": "2025-05-02T15:03:25.073Z",
        "dateReserved": "2025-03-03T12:31:58.250Z",
        "dateUpdated": "2025-05-02T15:32:37.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-1883 (GCVE-0-2025-1883)

    Vulnerability from nvd – Published: 2025-05-02 15:03 – Updated: 2025-05-02 15:36
    VLAI
    Title
    Out-Of-Bounds Write vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted OBJ file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    References
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-02T15:32:48.421008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-02T15:36:48.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP1.2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted OBJ\u00c2\u00a0file."
                }
              ],
              "value": "Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted OBJ\u00c2\u00a0file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-02T15:03:08.513Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/vulnerability/advisories"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Write vulnerability exists in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-1883",
        "datePublished": "2025-05-02T15:03:08.513Z",
        "dateReserved": "2025-03-03T12:31:54.539Z",
        "dateUpdated": "2025-05-02T15:36:48.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-1335 (GCVE-0-2026-1335)

    Vulnerability from cvelistv5 – Published: 2026-02-16 13:36 – Updated: 2026-02-26 14:44
    VLAI
    Title
    Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1335",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:23.913446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:19.860Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-16T13:36:50.914Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1335"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1335",
        "datePublished": "2026-02-16T13:36:50.914Z",
        "dateReserved": "2026-01-22T08:11:00.363Z",
        "dateUpdated": "2026-02-26T14:44:19.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1334 (GCVE-0-2026-1334)

    Vulnerability from cvelistv5 – Published: 2026-02-16 13:36 – Updated: 2026-02-26 14:44
    VLAI
    Title
    Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1334",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:23.134147Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:20.014Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-16T13:36:41.632Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1334"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1334",
        "datePublished": "2026-02-16T13:36:41.632Z",
        "dateReserved": "2026-01-22T08:10:56.326Z",
        "dateUpdated": "2026-02-26T14:44:20.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1333 (GCVE-0-2026-1333)

    Vulnerability from cvelistv5 – Published: 2026-02-16 13:35 – Updated: 2026-02-26 14:44
    VLAI
    Title
    Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1333",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:22.391850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:20.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457 Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-16T13:35:51.031Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1333"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1333",
        "datePublished": "2026-02-16T13:35:51.031Z",
        "dateReserved": "2026-01-22T08:10:51.866Z",
        "dateUpdated": "2026-02-26T14:44:20.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1284 (GCVE-0-2026-1284)

    Vulnerability from cvelistv5 – Published: 2026-01-26 13:25 – Updated: 2026-02-26 15:04
    VLAI
    Title
    Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:30.341420Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:51.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T08:24:00.221Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1284"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1284",
        "datePublished": "2026-01-26T13:25:12.900Z",
        "dateReserved": "2026-01-21T11:57:40.910Z",
        "dateUpdated": "2026-02-26T15:04:51.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1283 (GCVE-0-2026-1283)

    Vulnerability from cvelistv5 – Published: 2026-01-26 13:25 – Updated: 2026-02-26 15:04
    VLAI
    Title
    Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
    Summary
    A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP5 (custom)
    Affected: Release SOLIDWORKS Desktop 2026 SP0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T04:56:31.095697Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:52.136Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP5",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2026 SP0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
                }
              ],
              "value": "A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T08:23:16.744Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1283"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2026-1283",
        "datePublished": "2026-01-26T13:25:04.586Z",
        "dateReserved": "2026-01-21T11:57:34.125Z",
        "dateUpdated": "2026-02-26T15:04:52.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9450 (GCVE-0-2025-9450)

    Vulnerability from cvelistv5 – Published: 2025-09-17 06:13 – Updated: 2025-09-17 12:51
    VLAI
    Title
    Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:50:53.364662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:51:00.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
                }
              ],
              "value": "A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457 Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-17T06:13:25.958Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9450"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-9450",
        "datePublished": "2025-09-17T06:13:25.958Z",
        "dateReserved": "2025-08-25T14:10:46.630Z",
        "dateUpdated": "2025-09-17T12:51:00.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9449 (GCVE-0-2025-9449)

    Vulnerability from cvelistv5 – Published: 2025-09-17 06:13 – Updated: 2025-09-17 12:50
    VLAI
    Title
    Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9449",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:50:22.306988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:50:33.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
                }
              ],
              "value": "A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-17T06:13:08.090Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9449"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-9449",
        "datePublished": "2025-09-17T06:13:08.090Z",
        "dateReserved": "2025-08-25T14:10:43.713Z",
        "dateUpdated": "2025-09-17T12:50:33.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9447 (GCVE-0-2025-9447)

    Vulnerability from cvelistv5 – Published: 2025-09-17 06:12 – Updated: 2025-09-17 12:50
    VLAI
    Title
    Out-Of-Bounds Read affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-17T12:49:57.341376Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-17T12:50:06.853Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
                }
              ],
              "value": "An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-17T06:12:58.127Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9447"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Read affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-9447",
        "datePublished": "2025-09-17T06:12:58.127Z",
        "dateReserved": "2025-08-25T14:10:36.576Z",
        "dateUpdated": "2025-09-17T12:50:06.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7042 (GCVE-0-2025-7042)

    Vulnerability from cvelistv5 – Published: 2025-07-15 15:04 – Updated: 2025-07-15 15:18
    VLAI
    Title
    Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:18:32.485443Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:18:44.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file."
                }
              ],
              "value": "Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:04:43.023Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-7042"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-7042",
        "datePublished": "2025-07-15T15:04:43.023Z",
        "dateReserved": "2025-07-03T06:53:56.025Z",
        "dateUpdated": "2025-07-15T15:18:44.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6974 (GCVE-0-2025-6974)

    Vulnerability from cvelistv5 – Published: 2025-07-15 15:04 – Updated: 2025-07-15 15:20
    VLAI
    Title
    Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-457 - Use of Uninitialized Variable
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6974",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:20:40.017446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:20:51.039Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
                }
              ],
              "value": "Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-457",
                  "description": "CWE-457 Use of Uninitialized Variable",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:04:16.913Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6974"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6974",
        "datePublished": "2025-07-15T15:04:16.913Z",
        "dateReserved": "2025-07-01T13:14:23.199Z",
        "dateUpdated": "2025-07-15T15:20:51.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6973 (GCVE-0-2025-6973)

    Vulnerability from cvelistv5 – Published: 2025-07-15 15:03 – Updated: 2025-07-15 15:25
    VLAI
    Title
    Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:25:43.080276Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:25:55.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability exists in the JTfile reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
                }
              ],
              "value": "Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:03:51.740Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6973"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6973",
        "datePublished": "2025-07-15T15:03:51.740Z",
        "dateReserved": "2025-07-01T13:14:20.463Z",
        "dateUpdated": "2025-07-15T15:25:55.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6972 (GCVE-0-2025-6972)

    Vulnerability from cvelistv5 – Published: 2025-07-15 15:02 – Updated: 2025-07-15 15:28
    VLAI
    Title
    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6972",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:28:28.758761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:28:39.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file."
                }
              ],
              "value": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:02:42.714Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6972"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6972",
        "datePublished": "2025-07-15T15:02:42.714Z",
        "dateReserved": "2025-07-01T13:14:15.644Z",
        "dateUpdated": "2025-07-15T15:28:39.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6971 (GCVE-0-2025-6971)

    Vulnerability from cvelistv5 – Published: 2025-07-15 15:02 – Updated: 2025-07-15 15:30
    VLAI
    Title
    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6971",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T15:30:23.317496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T15:30:36.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file."
                }
              ],
              "value": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:02:05.556Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6971"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-6971",
        "datePublished": "2025-07-15T15:02:05.556Z",
        "dateReserved": "2025-07-01T13:14:07.697Z",
        "dateUpdated": "2025-07-15T15:30:36.848Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0831 (GCVE-0-2025-0831)

    Vulnerability from cvelistv5 – Published: 2025-07-15 15:00 – Updated: 2025-07-15 20:45
    VLAI
    Title
    Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
    Summary
    Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes SOLIDWORKS eDrawings Affected: Release SOLIDWORKS Desktop 2025 SP0 , ≤ Release SOLIDWORKS Desktop 2025 SP2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-15T20:44:54.323284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T20:45:04.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SOLIDWORKS eDrawings",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP2",
                  "status": "affected",
                  "version": "Release SOLIDWORKS Desktop 2025 SP0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
                }
              ],
              "value": "Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T15:01:42.294Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-0831"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-0831",
        "datePublished": "2025-07-15T15:00:10.987Z",
        "dateReserved": "2025-01-29T12:04:23.816Z",
        "dateUpdated": "2025-07-15T20:45:04.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }