CVE-2025-7042 is a high-severity Use After Free (UAF) vulnerability identified in Dassault Systèmes SOLIDWORKS eDrawings, specifically affecting the IPT file reading procedure in the Release SOLIDWORKS Desktop 2025 SP0 version. The vulnerability arises when the application processes specially crafted IPT files, which are proprietary CAD part files used within the SOLIDWORKS ecosystem. A Use After Free flaw occurs when a program continues to use memory after it has been freed, potentially leading to memory corruption. In this case, an attacker can exploit this vulnerability by convincing a user to open a maliciously crafted IPT file, triggering the UAF condition. This can result in arbitrary code execution within the context of the user running the application. The CVSS 3.1 base score of 7.8 reflects a high severity level, with the vector indicating that the attack requires local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but does require user interaction (UI:R). The impact on confidentiality, integrity, and availability is high, meaning an attacker could fully compromise the affected system. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability is categorized under CWE-416, which is a common and dangerous memory corruption issue often leveraged in targeted attacks to achieve code execution.

For European organizations, this vulnerability poses a significant risk, especially for those in manufacturing, engineering, and design sectors that rely heavily on SOLIDWORKS eDrawings for CAD visualization and collaboration. Successful exploitation could lead to unauthorized code execution, potentially allowing attackers to install malware, steal intellectual property, or disrupt operations. Given the high confidentiality impact, sensitive design data could be exfiltrated, undermining competitive advantage and violating data protection regulations such as GDPR. The requirement for local access and user interaction means that phishing or social engineering campaigns distributing malicious IPT files could be effective attack vectors. The lack of a patch increases exposure time, and organizations with insufficient endpoint security controls or user awareness are particularly vulnerable. Additionally, compromised systems could serve as footholds for lateral movement within corporate networks, amplifying the threat.

European organizations should implement targeted mitigations beyond generic advice. First, restrict the use of SOLIDWORKS eDrawings to trusted users and environments, and enforce strict file handling policies to prevent opening IPT files from unverified sources. Employ application whitelisting and sandboxing techniques to isolate the eDrawings application, limiting the impact of potential exploitation. Enhance endpoint detection and response (EDR) capabilities to monitor for anomalous behaviors indicative of memory corruption or code injection. Conduct user training focused on recognizing suspicious files and social engineering tactics related to CAD file sharing. Until an official patch is released, consider disabling IPT file support if feasible or using alternative secure viewers. Network segmentation should be applied to CAD workstations to contain potential breaches. Finally, maintain up-to-date backups of critical design data to enable recovery in case of compromise.