Memory Corruption Vulnerability in Siemens Products
CVE-2025-12659

7.3HIGH

Key Information:

Vendor: Siemens
Status: Simcenter Femap
Vendor: CVE Published:; 12 May 2026

What is CVE-2025-12659?

The affected Siemens applications demonstrate a memory corruption vulnerability present when parsing specially crafted IPT files. This flaw may enable an attacker to execute arbitrary code within the context of the current process, potentially leading to unauthorized access and control over the system.

Affected Version(s)

Simcenter Femap 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8709...

vendor-advisory

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Siemens thanks the following party for its efforts: TrendAI Zero Day Initiative for coordinated disclosure

CVE-2025-12659 Data

JSON