CVE-2025-40740
📋 TL;DR
This vulnerability in Solid Edge SE2025 allows attackers to execute arbitrary code by exploiting an out-of-bounds read when parsing malicious PAR files. The flaw affects all versions before V225.0 Update 5, potentially compromising engineering workstations running this CAD software.
💻 Affected Systems
- Solid Edge SE2025
📦 What is this software?
Solid Edge by Siemens
Solid Edge by Siemens
Solid Edge by Siemens
Solid Edge by Siemens
Solid Edge by Siemens
Solid Edge by Siemens
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution, allowing attackers to steal intellectual property, deploy ransomware, or pivot to other systems.
Likely Case
Local privilege escalation or application crash when users open malicious PAR files, potentially leading to data loss or system instability.
If Mitigated
Limited impact with proper network segmentation and user awareness, though still poses risk to engineering data integrity.
🎯 Exploit Status
Exploitation requires user to open specially crafted PAR file; no public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V225.0 Update 5
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-091753.html
Restart Required: Yes
Instructions:
1. Download Solid Edge SE2025 V225.0 Update 5 from Siemens support portal. 2. Close all Solid Edge applications. 3. Run the update installer with administrative privileges. 4. Restart the system after installation completes.
🔧 Temporary Workarounds
Block PAR file extensions
windowsPrevent execution of PAR files via group policy or application control
Using Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.par, Security Level: Disallowed
User awareness training
allEducate users not to open PAR files from untrusted sources
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized Solid Edge execution
- Segment engineering workstations from critical network segments and implement strict outbound filtering
🔍 How to Verify
Check if Vulnerable:
Check Solid Edge version: Open Solid Edge > Help > About Solid Edge. If version is earlier than V225.0 Update 5, system is vulnerable.Check Version:
wmic product where "name like 'Solid Edge%'" get versionVerify Fix Applied:
Verify version shows V225.0 Update 5 or later in Help > About Solid Edge dialog.📡 Detection & Monitoring
Log Indicators:
- Application crashes in Solid Edge with PAR file handling
- Windows Event Logs: Application Error events for sedraw.exe
Network Indicators:
- Unusual outbound connections from engineering workstations
- File transfers of PAR files to/from engineering systems
SIEM Query:
EventID=1000 AND Source='Application Error' AND ProcessName='sedraw.exe'