CVE-2025-6974: CWE-457 Use of Uninitialized Variable in Dassault Systèmes SOLIDWORKS eDrawings
Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
AI Analysis
Technical Summary
CVE-2025-6974 is a high-severity vulnerability in Dassault Systèmes' SOLIDWORKS eDrawings, affecting the JT file reading procedure in Release SOLIDWORKS Desktop 2025 SP0. The root cause is a Use of Uninitialized Variable (CWE-457) flaw that is triggered when the software processes a specially crafted JT file. Using an uninitialized variable can lead to undefined behavior, including memory corruption, which attackers can exploit to execute arbitrary code. By tricking a user into opening a maliciously crafted JT file, an attacker could gain control over the affected system, potentially executing code with the privileges of the user running the application.
The CVSS v3.1 score of 7.8 reflects high severity. The vector indicates that the attack requires local access (AV:L), has low attack complexity (AC:L), requires no privileges (PR:N), and needs user interaction (UI:R). The impact on confidentiality, integrity, and availability is high, as arbitrary code execution can lead to data theft, system compromise, or denial of service.
No known exploits are currently reported in the wild, and no patches have been linked yet, so organizations need to be vigilant and prepare mitigation strategies proactively. The vulnerability is specific to the component that parses JT, a common CAD data exchange format used in engineering and manufacturing workflows.
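The CWE-457 pattern named above, as an added generic illustration beside its hardened form: a file parser lets a value that was never written decide a copy length. This is not eDrawings code and not the JT format; the record layout and the names `reader`, `read_u8`, `parse_vulnerable`, `parse_hardened` and `parse_record` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record (not the JT format): 1-byte tag, 1-byte count, then count payload bytes. */
typedef struct { const uint8_t *buf; size_t len, pos; } reader;

/* Reads one byte; at end of input returns -1 and leaves *out untouched. */
static int read_u8(reader *r, uint8_t *out) {
    if (r->pos >= r->len) return -1;
    *out = r->buf[r->pos++];
    return 0;
}

/* CWE-457 pattern: read results are ignored, so on a truncated record `count`
   holds stale stack data and still decides how many bytes are copied. */
long parse_vulnerable(reader *r, uint8_t dst[16]) {
    uint8_t tag, count;                       /* never initialized */
    read_u8(r, &tag);
    read_u8(r, &count);                       /* may fail without writing */
    memcpy(dst, r->buf + r->pos, count);      /* length from an indeterminate value */
    return count;
}

/* Hardened: initialize, check every read, bound count by dst and by remaining input. */
long parse_hardened(reader *r, uint8_t dst[16]) {
    uint8_t tag = 0, count = 0;
    if (read_u8(r, &tag) || read_u8(r, &count)) return -1;   /* truncated header */
    if (count > 16 || count > r->len - r->pos) return -2;    /* length out of bounds */
    memcpy(dst, r->buf + r->pos, count);
    r->pos += count;
    return count;
}

/* Convenience wrapper: parse one record from a byte string with the hardened parser. */
long parse_record(const void *bytes, size_t len) {
    reader r = { bytes, len, 0 };
    uint8_t dst[16] = {0};
    return parse_hardened(&r, dst);
}

int main(void) {
    /* Constructed inputs: complete record, header cut after the tag, oversized count. */
    printf("%ld %ld %ld\n", parse_record("\x01\x03" "abc", 5),
           parse_record("\x01", 1), parse_record("\x01\x20" "abc", 5));
    return 0;
}
```

`parse_vulnerable` is shown for comparison only and is never called. Compilers often miss this pattern because the variable's address is passed to a helper, which is why checking every read result matters more than relying on warnings.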
Potential Impact
For European organizations, especially those in engineering, manufacturing, automotive, aerospace, and industrial design sectors that rely heavily on SOLIDWORKS eDrawings for CAD visualization and collaboration, this vulnerability poses a significant risk. Exploitation could lead to unauthorized code execution on workstations, potentially allowing attackers to steal intellectual property, disrupt design processes, or move laterally within corporate networks. Given the critical role of CAD data in product development and supply chains, a successful attack could cause operational downtime, financial losses, and damage to reputation. The requirement for local access and user interaction means phishing or social engineering campaigns delivering malicious JT files are likely attack vectors. The high impact on confidentiality and integrity is particularly concerning for organizations handling sensitive design data subject to strict regulatory compliance and export controls within Europe.
Mitigation Recommendations
Organizations should implement a multi-layered approach:
1) Restrict the opening of JT files from untrusted or unknown sources and educate users about the risks of opening unsolicited CAD files.
2) Employ application whitelisting and sandboxing techniques to isolate SOLIDWORKS eDrawings processes, limiting the impact of potential exploitation.
3) Monitor and control local access to workstations running the affected software to reduce the risk of local exploitation.
4) Maintain up-to-date backups of critical design data to enable recovery in case of compromise.
5) Engage with Dassault Systèmes for timely patches and apply them immediately upon release.
6) Use endpoint detection and response (EDR) solutions to detect anomalous behaviors indicative of exploitation attempts.
7) Implement network segmentation to limit lateral movement if a workstation is compromised.
8) Consider disabling JT file support temporarily if feasible until a patch is available.
Affected Countries
Germany, France, Italy, United Kingdom, Spain, Netherlands, Sweden, Belgium, Czech Republic, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: 3DS
- Date Reserved: 2025-07-01T13:14:23.199Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 687670b9a83201eaaccf4d54
Added to database: 7/15/2025, 3:16:09 PM
Last enriched: 7/15/2025, 3:31:31 PM
Last updated: 7/15/2025, 8:32:34 PM