CVE-2025-6972 is a high-severity Use After Free (UAF) vulnerability identified in Dassault Systèmes SOLIDWORKS eDrawings, specifically affecting the CATPRODUCT file reading procedure in the 2025 Release of SOLIDWORKS Desktop SP0. The vulnerability arises when the application processes specially crafted CATPRODUCT files, leading to improper memory management where a previously freed memory region is accessed again. This can result in arbitrary code execution under the context of the user opening the malicious file. The vulnerability does not require prior authentication (PR:N) but does require user interaction (UI:R) since the victim must open the malicious file. The attack vector is local (AV:L), meaning the attacker must have some level of access to deliver the file to the target system, for example via email, shared drives, or removable media. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability (all rated high). Exploitation could allow an attacker to execute arbitrary code, potentially leading to full system compromise or data theft. Currently, there are no known exploits in the wild, and no patches have been published yet. The vulnerability is classified under CWE-416 (Use After Free), a common memory corruption flaw that is often exploited for remote code execution in software handling complex file formats. Given the nature of SOLIDWORKS eDrawings as a widely used CAD viewer and collaboration tool in engineering and manufacturing sectors, this vulnerability poses a significant risk to organizations relying on this software for design review and sharing.

For European organizations, the impact of CVE-2025-6972 could be substantial, especially in industries such as automotive, aerospace, industrial machinery, and manufacturing, where SOLIDWORKS eDrawings is commonly used for design collaboration. Successful exploitation could lead to unauthorized code execution, allowing attackers to steal intellectual property, disrupt design workflows, or deploy further malware within corporate networks. The confidentiality of sensitive design files and trade secrets is at high risk, as is the integrity of engineering data. Availability could also be affected if attackers leverage the vulnerability to deploy ransomware or cause system instability. Given the local attack vector but requirement for user interaction, phishing campaigns or supply chain attacks distributing malicious CATPRODUCT files could be effective. European organizations with distributed engineering teams and extensive file sharing are particularly vulnerable. The lack of a patch at this time increases the window of exposure. Additionally, regulatory frameworks such as GDPR emphasize protection of intellectual property and personal data, so breaches resulting from exploitation could lead to compliance issues and financial penalties.

To mitigate this vulnerability, European organizations should implement several targeted measures beyond generic advice: 1) Immediately restrict the opening of CATPRODUCT files from untrusted or unknown sources, including disabling automatic file previews in email clients and collaboration platforms. 2) Educate engineering and design teams about the risk of opening unsolicited or suspicious CAD files, emphasizing verification of file origins. 3) Employ network segmentation to isolate engineering workstations running SOLIDWORKS eDrawings from general corporate networks, limiting lateral movement if exploitation occurs. 4) Use endpoint detection and response (EDR) solutions with behavior-based detection to identify anomalous process activity related to SOLIDWORKS eDrawings. 5) Monitor file sharing systems and email gateways for potentially malicious CATPRODUCT files using custom signatures or heuristics. 6) Coordinate with Dassault Systèmes for timely patch deployment once available and test patches in controlled environments before widespread rollout. 7) Consider application whitelisting or sandboxing for SOLIDWORKS eDrawings to contain potential exploitation. 8) Maintain regular backups of critical design data to enable recovery in case of compromise. These steps, combined with standard cybersecurity hygiene, will reduce the risk of exploitation until an official patch is released.