CVE-2025-9447 is a high-severity vulnerability classified as an Out-of-Bounds Read (CWE-125) affecting Dassault Systèmes' SOLIDWORKS eDrawings software, specifically in the PAR file reading procedure of the Release SOLIDWORKS Desktop 2025 SP0 version. This vulnerability arises when the software attempts to process specially crafted PAR files, leading to an out-of-bounds memory read. Such memory corruption can be exploited by an attacker to execute arbitrary code on the victim's machine. The attack vector requires local access (AV:L), does not require privileges (PR:N), but does require user interaction (UI:R), such as opening a malicious PAR file. The vulnerability impacts confidentiality, integrity, and availability, as arbitrary code execution can lead to data theft, system compromise, or denial of service. Although no public exploits are currently known, the CVSS score of 7.8 indicates a significant risk. The vulnerability is present in a widely used CAD viewing and collaboration tool, which is often employed in engineering, manufacturing, and design environments. The lack of available patches at the time of publication increases the urgency for mitigation and monitoring.

For European organizations, especially those in manufacturing, engineering, automotive, aerospace, and industrial design sectors, this vulnerability poses a substantial risk. SOLIDWORKS eDrawings is commonly used to view and share CAD files, including PAR files, which are integral to product design and development workflows. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to intellectual property theft, sabotage of design files, or disruption of critical engineering processes. This could result in financial losses, reputational damage, and operational downtime. Given the reliance on CAD tools in European industrial hubs, the vulnerability could affect supply chains and innovation pipelines. Furthermore, the requirement for user interaction means phishing or social engineering campaigns could be used to deliver malicious PAR files, increasing the attack surface. The absence of known exploits currently provides a window for proactive defense, but organizations must act promptly to prevent future exploitation.

1. Implement strict file handling policies: Restrict the opening of PAR files to trusted sources only. Employ email and endpoint security solutions to scan and block suspicious or unsolicited PAR files. 2. User awareness training: Educate users about the risks of opening files from untrusted sources and the potential for social engineering attacks leveraging this vulnerability. 3. Application isolation: Run SOLIDWORKS eDrawings within sandboxed or virtualized environments to limit the impact of potential exploitation. 4. Monitor for suspicious activity: Deploy endpoint detection and response (EDR) tools to identify anomalous behavior indicative of exploitation attempts, such as unexpected process spawning or memory access violations. 5. Patch management readiness: Although no patches are currently available, maintain close communication with Dassault Systèmes for updates and apply patches immediately upon release. 6. Network segmentation: Limit access to systems running SOLIDWORKS eDrawings to reduce lateral movement opportunities in case of compromise. 7. Incident response planning: Prepare and test response procedures specifically for CAD environment compromises to minimize downtime and data loss.