CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-6972: Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025

7.8 CVSS

Description

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.

Classification

CVE ID: CVE-2025-6972

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem Types

CWE-416 Use After Free

Affected Products

Vendor: Dassault Systèmes

Product: SOLIDWORKS eDrawings

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-6972
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6972

Timeline

2025-07-15 16:40:21 UTC
CVE

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025