Skip to main content

CVE-2025-1883: CWE-787 Out-of-bounds Write in Dassault Systèmes SOLIDWORKS eDrawings

High
VulnerabilityCVE-2025-1883cvecve-2025-1883cwe-787
Published: Fri May 02 2025 (05/02/2025, 15:03:08 UTC)
Source: CVE
Vendor/Project: Dassault Systèmes
Product: SOLIDWORKS eDrawings

Description

Out-Of-Bounds Write vulnerability exists in the OBJ file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted OBJ file.

AI-Powered Analysis

AILast updated: 06/25/2025, 23:42:30 UTC

Technical Analysis

CVE-2025-1883 is a high-severity vulnerability classified as CWE-787 (Out-of-Bounds Write) found in Dassault Systèmes' SOLIDWORKS eDrawings, specifically in the OBJ file reading procedure of the Release SOLIDWORKS Desktop 2025 SP0 version. This vulnerability arises when the software processes specially crafted OBJ files, which are commonly used 3D geometry definition files. Due to improper bounds checking during the parsing of these files, an attacker can trigger an out-of-bounds write condition, potentially leading to arbitrary code execution within the context of the user opening the malicious file. The vulnerability requires local access to open the file (Attack Vector: Local), does not require privileges (PR:N), but does require user interaction (UI:R) since the victim must open the crafted OBJ file. The impact is critical across confidentiality, integrity, and availability, as successful exploitation can lead to full system compromise, data theft, or system disruption. No known exploits are currently reported in the wild, but the high CVSS score of 7.8 indicates a significant risk once exploitation techniques become available. The vulnerability affects only the 2025 SP0 release of SOLIDWORKS Desktop eDrawings, a widely used CAD visualization tool in engineering and manufacturing sectors. Given the nature of the vulnerability, attackers could craft OBJ files distributed via email, shared drives, or collaboration platforms to target users. The lack of an available patch at the time of publication increases the urgency for mitigation and monitoring.

Potential Impact

European organizations using SOLIDWORKS eDrawings 2025 SP0, particularly in engineering, manufacturing, automotive, aerospace, and industrial design sectors, face a substantial risk. Exploitation could lead to unauthorized code execution, enabling attackers to steal intellectual property, disrupt design workflows, or implant persistent malware. This is especially critical for companies involved in sensitive or regulated industries such as aerospace or defense manufacturing, where data confidentiality and integrity are paramount. The vulnerability's local attack vector and requirement for user interaction mean that social engineering or insider threats could facilitate exploitation. The potential for widespread impact is heightened in collaborative environments where OBJ files are frequently exchanged. Disruption could lead to delays in product development cycles, financial losses, and reputational damage. Additionally, compromised systems could serve as entry points for broader network intrusions, threatening supply chain security and critical infrastructure. The absence of known exploits currently provides a window for proactive defense, but organizations must act swiftly to prevent future attacks.

Mitigation Recommendations

1. Implement strict file handling policies: Restrict the opening of OBJ files to trusted sources only and educate users on the risks of opening files from unverified origins. 2. Employ application whitelisting and sandboxing: Run SOLIDWORKS eDrawings within a sandbox or isolated environment to contain potential exploitation effects. 3. Monitor and control local file execution: Use endpoint detection and response (EDR) tools to monitor suspicious activities related to file parsing and execution. 4. Network segmentation: Limit access to critical design and engineering systems to reduce lateral movement if compromise occurs. 5. Maintain up-to-date backups of design files and system states to enable recovery in case of compromise. 6. Engage with Dassault Systèmes for timely patch deployment once available and subscribe to vendor security advisories. 7. Use advanced email filtering and malware detection to prevent delivery of malicious OBJ files. 8. Conduct targeted user awareness training focusing on the risks of opening unsolicited or unexpected 3D model files. 9. Implement strict privilege management to minimize the impact of any successful exploitation by limiting user permissions. 10. Consider deploying file integrity monitoring on directories where OBJ files are stored or accessed to detect unauthorized modifications.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
3DS
Date Reserved
2025-03-03T12:31:54.539Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9838c4522896dcbebf9a

Added to database: 5/21/2025, 9:09:12 AM

Last enriched: 6/25/2025, 11:42:30 PM

Last updated: 7/31/2025, 1:37:34 PM

Views: 14

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats