CVE-2025-40762

7.8 HIGH

📋 TL;DR

An out-of-bounds write vulnerability in Simcenter Femap allows remote code execution when parsing malicious STP files. Attackers can execute arbitrary code within the current process context. All users of Simcenter Femap V2406 before V2406.0003 and V2412 before V2412.0002 are affected.

💻 Affected Systems

Products:
  • Simcenter Femap V2406
  • Simcenter Femap V2412
Versions: V2406 versions < V2406.0003, V2412 versions < V2412.0002
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing STP files, which is a core functionality of this engineering simulation software.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or arbitrary code execution when users open malicious STP files, potentially leading to malware installation or data exfiltration.

🟢 If Mitigated

Limited impact if proper file validation and user awareness prevent malicious file execution, though risk remains for legitimate file processing.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious STP files. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V2406.0003 for V2406, V2412.0002 for V2412

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-674084.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Siemens support portal.
2. Close all Femap instances.
3. Run the installer with administrative privileges.
4. Restart the system to complete installation.

🔧 Temporary Workarounds

Restrict STP file processing

all

Block or restrict processing of STP files from untrusted sources

User awareness training

all

Train users to only open STP files from trusted sources

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use network segmentation to isolate Femap systems from critical assets

🔍 How to Verify

Check if Vulnerable:

Check the Femap version via the Help > About menu. If the version is a V2406 release earlier than V2406.0003 or a V2412 release earlier than V2412.0002, the system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version shows V2406.0003 or V2412.0002 in Help > About menu after patching.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes when opening STP files
  • Suspicious child processes spawned from Femap

Network Indicators:

  • Unexpected outbound connections from Femap process

SIEM Query:

Process creation where parent process contains 'femap' AND (command line contains '.stp' OR file extension is '.stp')
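
The SIEM query above, written as a filter over process-creation events (an added example, not part of the original advisory or any vendor tooling). The event field names, paths and sample events are constructed assumptions; map them to your own log schema.

```python
from pathlib import PureWindowsPath

# Field names (parent_image, image, command_line, target_file) are assumed
# names for a normalized process-creation event, not a real product schema.
def matches_femap_stp_rule(event: dict) -> bool:
    """Parent contains 'femap' AND ('.stp' in command line OR file extension is '.stp')."""
    if "femap" not in event.get("parent_image", "").lower():
        return False
    cmdline = event.get("command_line", "").lower()
    target = event.get("target_file", "")
    ext = PureWindowsPath(target).suffix.lower() if target else ""
    return ".stp" in cmdline or ext == ".stp"


def triage(events: list) -> list:
    """Return the events that satisfy the rule, preserving input order."""
    return [e for e in events if matches_femap_stp_rule(e)]


# Constructed sample events (illustrative only).
SAMPLE_EVENTS = [
    # Child of Femap whose command line references an STP file: matches.
    {"id": 1, "parent_image": r"C:\Apps\Femap\femap.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c type C:\Users\eng1\Downloads\bracket.stp"},
    # Femap itself launched by the shell: the parent is not Femap, so no match.
    {"id": 2, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Apps\Femap\femap.exe",
     "command_line": r'"C:\Apps\Femap\femap.exe" C:\Users\eng1\Downloads\bracket.stp'},
    # Upper-case parent and extension: matches through the file-extension clause.
    {"id": 3, "parent_image": r"C:\APPS\FEMAP\FEMAP.EXE",
     "image": r"C:\Tools\helper.exe",
     "command_line": "helper.exe --render",
     "target_file": r"D:\Models\GEAR.STP"},
    # Child of Femap with no STP reference: no match.
    {"id": 4, "parent_image": r"C:\Apps\Femap\femap.exe",
     "image": r"C:\Windows\System32\conhost.exe",
     "command_line": "conhost.exe 0x4"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["id"], hit["image"], "<-", hit["parent_image"])
```

Because the rule keys on the parent process, the ordinary case of a user opening an STP file in Femap (event 2) is not returned; only processes spawned by Femap are.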
