VYPR
High severity 7.8 · NVD Advisory · Published Jul 15, 2025 · Updated Apr 15, 2026

CVE-2025-6972

Description

A Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free in SOLIDWORKS eDrawings' CATPRODUCT file reader allows arbitrary code execution when a user opens a specially crafted file.

Vulnerability Analysis

CVE-2025-6972 describes a use-after-free vulnerability in the CATPRODUCT file reading procedure of SOLIDWORKS eDrawings, specifically in SOLIDWORKS Desktop 2025 [1]. This class of memory corruption bug occurs when the program continues to reference memory after it has been freed, potentially leading to attacker-controlled data being executed as code.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious CATPRODUCT file and enticing a user to open it in the affected version of SOLIDWORKS eDrawings. Because the vulnerability resides in the file parsing routine, no special network access or authentication is required beyond the ability to deliver the file to the target user.

Impact

Successful exploitation could allow an attacker to execute arbitrary code in the context of the user running eDrawings [1]. This can lead to full system compromise, depending on the user's privileges.

Mitigation

Dassault Systèmes has acknowledged the vulnerability and recommends users apply security updates as per their advisory [1]. No public workarounds are detailed, so applying the latest patch or upgrading to a fixed version is the primary mitigation.

References
  1. CVE-2025-6972

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
