CVE-2025-6973
Description
Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free in SOLIDWORKS eDrawings' JT file reader lets attackers execute arbitrary code via a crafted JT file.
Vulnerability Overview
CVE-2025-6973 is a use-after-free vulnerability in the JT file reading procedure of SOLIDWORKS eDrawings, affecting SOLIDWORKS Desktop 2025. The flaw occurs when the application improperly handles memory during the parsing of specially crafted JT files, leading to a use-after-free condition [1].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious JT file in the affected eDrawings application. No additional privileges are required beyond normal user access, and the attack can be triggered locally by opening the file. The vulnerability does not require network access beyond the initial file delivery vector [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application. This could lead to full compromise of the user's system, including data exfiltration, further malware installation, or persistent access. The CVSS 3.1 severity rating of 7.8 (High) reflects the low complexity and high impact of the vulnerability [1].
Mitigation
As of the advisory publication on July 15, 2025, Dassault Systèmes has not released a patch for this vulnerability. Users are advised to exercise caution when opening JT files from untrusted sources. The vendor may provide updates on the security advisory page. No workarounds have been published, but limiting file exchange to trusted sources reduces risk [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2025
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.