CVE-2025-1884: CWE-416 Use After Free in Dassault Systèmes SOLIDWORKS eDrawings
Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.
AI Analysis
Technical Summary
CVE-2025-1884 is a high-severity Use-After-Free (CWE-416) vulnerability identified in Dassault Systèmes SOLIDWORKS eDrawings, specifically affecting the Release SOLIDWORKS Desktop 2025 SP0 version. The vulnerability arises in the SLDPRT file reading procedure, where improper memory management leads to a Use-After-Free condition. This flaw allows an attacker to craft a malicious SLDPRT file that, when opened by a user in the vulnerable eDrawings application, can trigger arbitrary code execution. The vulnerability requires local access to the system (Attack Vector: Local) and user interaction (opening the malicious file). No privileges are required to exploit the vulnerability, and the attack complexity is low, meaning exploitation is feasible without specialized conditions. The vulnerability impacts confidentiality, integrity, and availability, as arbitrary code execution could lead to full system compromise, data theft, or disruption of services. Although no known exploits are currently reported in the wild, the high CVSS score of 7.8 reflects the significant risk posed by this vulnerability. The absence of a patch at the time of publication increases the urgency for mitigation. The vulnerability affects a widely used CAD file viewer in engineering and design environments, which often handle sensitive intellectual property and critical design data.
Potential Impact
For European organizations, especially those in manufacturing, automotive, aerospace, and engineering sectors, this vulnerability poses a substantial risk. SOLIDWORKS eDrawings is commonly used across Europe for viewing and sharing CAD files, including SLDPRT files that contain detailed 3D part designs. Exploitation could lead to unauthorized code execution on workstations, potentially resulting in theft or manipulation of proprietary design data, disruption of design workflows, and compromise of networked environments. Given the critical role of CAD tools in product development and industrial operations, successful exploitation could have cascading effects on supply chains and intellectual property protection. Additionally, the vulnerability could be leveraged in targeted attacks against European organizations with high-value engineering assets, impacting confidentiality and operational integrity. The requirement for user interaction (opening a malicious file) suggests phishing or social engineering could be vectors, increasing the risk in environments with less stringent user awareness or file handling policies.
Mitigation Recommendations
1. Implement strict file handling policies: Restrict the opening of SLDPRT files from untrusted or unknown sources, especially via email or external media.
2. Employ sandboxing or application isolation techniques for eDrawings to limit the impact of potential exploitation.
3. Use endpoint detection and response (EDR) solutions to monitor for suspicious behaviors related to eDrawings processes, such as unexpected memory operations or code injection attempts.
4. Educate users on the risks of opening unsolicited CAD files and enforce multi-factor authentication on systems handling sensitive design data to reduce lateral movement post-compromise.
5. Monitor Dassault Systèmes communications closely for patches or updates and prioritize rapid deployment once available.
6. Consider network segmentation to isolate engineering workstations from broader corporate networks to contain potential breaches.
7. Utilize file integrity monitoring on critical design files and audit logs to detect unauthorized modifications.
8. Where possible, employ application whitelisting to prevent execution of unauthorized code spawned by exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: 3DS
- Date Reserved: 2025-03-03T12:31:58.250Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9838c4522896dcbebf9e
Added to database: 5/21/2025, 9:09:12 AM
Last enriched: 6/25/2025, 11:42:17 PM
Last updated: 8/1/2025, 2:59:09 AM