CVE-2025-6971
Description
A Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in SOLIDWORKS eDrawings CATPRODUCT parsing allows arbitrary code execution via crafted files.
Vulnerability Analysis
CVE-2025-6971 is a use-after-free vulnerability in the CATPRODUCT file reading procedure of SOLIDWORKS eDrawings on SOLIDWORKS Desktop 2025 [1]. A use-after-free occurs when a program continues to use a pointer to memory after that memory has been freed, leading to undefined behavior. This specific flaw lies in how the application handles CATPRODUCT files, a format used for product data exchange.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious CATPRODUCT file and convincing a user to open it with the affected SOLIDWORKS eDrawings application. No additional privileges beyond file access are required; the attacker relies on user interaction to trigger the flaw. The vulnerability does not require authentication if the user opens the file directly.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the current user. Given the high CVSS score of 7.8, this could lead to full compromise of the affected system, including data theft, installation of malware, or further lateral movement within a network.
Mitigation
The advisory from the vendor provides details on affected versions [1]. Users should check for updates from Dassault Systèmes and apply any available patches. Until a fix is applied, avoid opening CATPRODUCT files from untrusted sources as a workaround.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: affected version is SOLIDWORKS Desktop 2025
Patches
No patches discovered yet.
References