CVE-2025-9450 is a high-severity vulnerability identified in Dassault Systèmes SOLIDWORKS eDrawings, specifically affecting the JT file reading procedure in the Release SOLIDWORKS Desktop 2025 SP0 version. The root cause is a Use of Uninitialized Variable (CWE-457) flaw, which occurs when the software reads JT files without properly initializing certain variables. This can lead to unpredictable behavior, including memory corruption. An attacker can exploit this vulnerability by crafting a malicious JT file that, when opened with the vulnerable eDrawings software, triggers arbitrary code execution. The CVSS v3.1 base score is 7.8, indicating a high level of severity. The attack vector is local (AV:L), meaning the attacker must have local access to the system to open the malicious file. No privileges are required (PR:N), but user interaction is necessary (UI:R) since the victim must open the crafted JT file. The impact on confidentiality, integrity, and availability is high, as arbitrary code execution could allow full system compromise, data theft, or disruption of operations. Currently, there are no known exploits in the wild, and no patches have been published yet. However, the vulnerability is publicly disclosed and should be addressed promptly to prevent exploitation. The vulnerability affects a widely used CAD visualization tool, often employed in engineering, manufacturing, and design workflows, which makes it a significant concern for organizations relying on SOLIDWORKS eDrawings for their product lifecycle management and collaboration processes.

For European organizations, this vulnerability poses a substantial risk, especially those in the manufacturing, automotive, aerospace, and industrial design sectors where SOLIDWORKS eDrawings is commonly used. Successful exploitation could lead to unauthorized code execution on workstations, potentially allowing attackers to steal intellectual property, disrupt design workflows, or move laterally within corporate networks. Given the local attack vector, the threat is higher in environments where users frequently exchange JT files, such as collaborative engineering teams or external partners. The high impact on confidentiality and integrity could result in significant financial losses, reputational damage, and regulatory compliance issues, particularly under GDPR if sensitive data is compromised. Additionally, disruption of design and manufacturing processes could delay production cycles, affecting supply chains and market competitiveness.

European organizations should implement the following specific mitigations: 1) Restrict the opening of JT files to trusted sources only, employing strict file validation and sandboxing techniques where possible. 2) Educate users about the risks of opening JT files from unverified or external origins and enforce policies to minimize unnecessary file exchanges. 3) Monitor and control local access to systems running SOLIDWORKS eDrawings to reduce the risk of malicious file introduction. 4) Employ endpoint detection and response (EDR) solutions capable of detecting anomalous behaviors related to code execution triggered by file parsing. 5) Maintain a robust patch management process and apply any forthcoming security updates from Dassault Systèmes immediately upon release. 6) Consider network segmentation to isolate engineering workstations from critical infrastructure to limit lateral movement in case of compromise. 7) Implement application whitelisting to prevent unauthorized code execution. These measures go beyond generic advice by focusing on controlling the JT file handling process and local access, which are critical given the vulnerability’s attack vector and exploitation method.