
CVE-2025-9449: CWE-416 Use After Free in Dassault Systèmes SOLIDWORKS eDrawings

Severity: High
Published: Wed Sep 17 2025 (09/17/2025, 06:13:08 UTC)
Source: CVE Database V5
Vendor/Project: Dassault Systèmes
Product: SOLIDWORKS eDrawings

Description

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

AI-Powered Analysis

Last updated: 09/17/2025, 06:17:04 UTC

Technical Analysis

CVE-2025-9449 is a high-severity Use After Free (UAF) vulnerability in Dassault Systèmes SOLIDWORKS eDrawings, specifically in the PAR file reading procedure of the SOLIDWORKS Desktop 2025 SP0 release. A Use After Free occurs when a program continues to use memory after it has been freed, which can lead to crashes, memory corruption, or arbitrary code execution. Here, an attacker can craft a malicious PAR file that triggers the UAF condition when a user opens it in a vulnerable version of SOLIDWORKS eDrawings, allowing the attacker to execute arbitrary code with the privileges of the user running the application.

The CVSS v3.1 base score is 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The attack requires local access (AV:L) and low attack complexity (AC:L), needs no privileges (PR:N), but does require user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No exploits are known in the wild, and no patches had been linked at the time of publication.

The vulnerability stems from improper memory management in the PAR file parsing logic, a critical component for users who rely on SOLIDWORKS eDrawings to view and share CAD data. Exploitation could lead to full system compromise or data breaches if an attacker convinces a user to open a malicious file.

Potential Impact

For European organizations, the impact of CVE-2025-9449 can be significant, especially in manufacturing, engineering, automotive, aerospace, and other industries that rely heavily on CAD software such as SOLIDWORKS eDrawings. Local arbitrary code execution can lead to unauthorized access to sensitive intellectual property, disruption of design workflows, and lateral movement within corporate networks. Given the high confidentiality, integrity, and availability impacts, exploitation could result in theft or manipulation of proprietary design data, sabotage of production processes, or ransomware deployment. Because the attack requires local access and user interaction, phishing or social engineering campaigns are the likely delivery route for malicious PAR files, targeting employees who handle CAD files. The absence of known exploits in the wild reduces immediate risk but does not eliminate it, as attackers often develop exploits rapidly after disclosure. Organizations with distributed teams or third-party collaborators exchanging CAD files are particularly exposed to supply chain or insider threats that leverage this vulnerability.

Mitigation Recommendations

1. Until a patch is available, educate users not to open PAR files from untrusted or unknown sources.
2. Implement strict file validation and sandboxing policies for CAD file-handling applications to limit the impact of malicious files.
3. Employ endpoint detection and response (EDR) solutions to monitor SOLIDWORKS eDrawings processes for suspicious behaviour associated with memory corruption or code execution.
4. Restrict local user permissions to the minimum necessary, reducing the potential impact of code execution.
5. Segment networks to limit lateral movement if exploitation occurs.
6. Monitor vendor communications closely for patches or updates and prioritize rapid deployment once available.
7. Consider application allowlisting to prevent execution of unknown binaries that an exploit could drop.
8. Conduct regular security awareness training focused on social engineering risks related to file sharing and CAD workflows.

These steps go beyond generic advice by focusing on the specific attack vector (malicious PAR files) and the operational context of CAD software in industrial environments.


Technical Details

Data Version: 5.1
Assigner Short Name: 3DS
Date Reserved: 2025-08-25T14:10:43.713Z
CVSS Version: 3.1
State: PUBLISHED


Added to database: 9/17/2025, 6:16:34 AM

Last enriched: 9/17/2025, 6:17:04 AM

Last updated: 9/17/2025, 8:20:05 AM

