CVE-2025-25175
Published: 13 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-25175 is a memory corruption vulnerability (CWE-119) in Simcenter Femap V2401 (all versions prior to V2401.0003) and Simcenter Femap V2406 (all versions prior to V2406.0002). The flaw arises during the parsing of specially crafted .NEU files, which can lead to arbitrary code execution in the context of the current process. Published on 2025-03-13, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
An attacker with local access can exploit this vulnerability by tricking a user into opening a malicious .NEU file in the affected Simcenter Femap application, requiring no privileges but relying on user interaction. Successful exploitation allows code execution with high impacts to confidentiality, integrity, and availability within the process context.
Siemens advisory SSA-920092 (https://cert-portal.siemens.com/productcert/html/ssa-920092.html) addresses the issue, with mitigation achieved by updating to Simcenter Femap V2401.0003 or later for the V2401 series, or V2406.0002 or later for the V2406 series. The vulnerability was reported as ZDI-CAN-25443.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a memory corruption flaw in .NEU file parsing that enables arbitrary code execution when a user opens a malicious file, directly mapping to T1204.002 Malicious File.