Memory Corruption Vulnerability in Simcenter Femap by Siemens
CVE-2025-25175

7.3HIGH

Key Information:

Vendor: Siemens
Status: Simcenter Femap V2401; Simcenter Femap V2406
Vendor: CVE Published:; 13 March 2025

What is CVE-2025-25175?

A significant memory corruption issue has been identified in Simcenter Femap, impacting various versions prior to V2401.0003 for V2401 and V2406.0002 for V2406. This vulnerability arises during the parsing of specially crafted .NEU files, potentially empowering attackers to execute arbitrary code within the current process context. It is crucial for users of affected versions to assess their systems and apply necessary security measures.

Affected Version(s)

Simcenter Femap V2401 0

Simcenter Femap V2406 0

References

https://cert-portal.siemens.com/productcert/html/ssa-9200...

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2025
Vulnerability Reserved
Feb 3, 2025