VYPR
Unrated severity · NVD Advisory · Published Feb 13, 2024 · Updated May 7, 2025

CVE-2023-49125

Description

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.263), Parasolid V35.1 (All versions < V35.1.252), Parasolid V36.0 (All versions < V36.0.198), Solid Edge SE2023 (All versions < V223.0 Update 11), Solid Edge SE2024 (All versions < V224.0 Update 3). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted files containing XT format. This could allow an attacker to execute code in the context of the current process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Parasolid and Solid Edge contain an out-of-bounds read vulnerability in XT file parsing that can lead to remote code execution.

Vulnerability

The vulnerability is an out-of-bounds read past the end of an allocated structure that occurs when parsing specially crafted XT format files in Parasolid and Solid Edge. Affected versions include Parasolid V35.0 (all versions < V35.0.263), V35.1 (all versions < V35.1.252), V36.0 (all versions < V36.0.198), Solid Edge SE2023 (all versions < V223.0 Update 11), and Solid Edge SE2024 (all versions < V224.0 Update 3) [1].

Exploitation

An attacker must trick a user into opening a malicious XT file with an affected application. No authentication is required, but user interaction is necessary. The crafted file triggers the out-of-bounds read, which can be leveraged to execute arbitrary code [1].

Impact

Successful exploitation allows an attacker to execute code in the context of the current process, potentially leading to full compromise of the affected system, including disclosure of sensitive information, modification of data, and denial of service [1].

Mitigation

Siemens has released fixed versions: Parasolid V35.0.263, V35.1.252, and V36.0.198; Solid Edge SE2023 Update 11 and Solid Edge SE2024 Update 3. Users should update to the latest versions. As a workaround, do not open untrusted XT files [1][2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

7
  • Siemens Foundation/Solid Edge (llm-fuzzy, 3 versions)
    < V223.0 Update 11 (SE2023), < V224.0 Update 3 (SE2024)
    • (no CPE) range: < V223.0 Update 11 (SE2023), < V224.0 Update 3 (SE2024)
    • (no CPE) range: 0
    • (no CPE) range: 0
  • Range: < V35.0.263 (V35.0), < V35.1.252 (V35.1), < V36.0.198 (V36.0)
  • Siemens/Parasolid V35.0 (v5)
    Range: 0
  • Siemens/Parasolid V35.1 (v5)
    Range: 0
  • Siemens/Parasolid V36.0 (v5)
    Range: 0

Patches

0

No patches discovered yet.

References

2