CVE-2025-40809
📋 TL;DR
An out-of-bounds write vulnerability in Solid Edge SE2024 and SE2025 allows attackers to crash the application or execute arbitrary code by tricking users into opening malicious PRT files. This affects all users running vulnerable versions of these CAD software products. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- Solid Edge SE2024
- Solid Edge SE2025
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with SYSTEM/administrator privileges leading to full system compromise, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Application crash leading to denial of service and potential data loss, with possible code execution in user context allowing privilege escalation.
If Mitigated
Application crash with no code execution if exploit fails or security controls block malicious payloads.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: SE2024: V224.0 Update 14 or later, SE2025: V225.0 Update 6 or later
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-541582.html
Restart Required: Yes
Instructions:
1. Download the latest update from Siemens support portal. 2. Close all Solid Edge applications. 3. Run the update installer with administrative privileges. 4. Restart the system after installation completes.
🔧 Temporary Workarounds
Restrict PRT file handling
windowsConfigure Windows to open PRT files with a different application or block them entirely via group policy.
Use Windows Group Policy Editor to modify file association policies for .prt files
User awareness training
allTrain users to only open PRT files from trusted sources and verify file integrity before opening.
🧯 If You Can't Patch
- Implement application whitelisting to block unauthorized Solid Edge execution
- Deploy network segmentation to isolate engineering workstations from critical systems
🔍 How to Verify
Check if Vulnerable:
Check Solid Edge version via Help > About Solid Edge. If version is below the patched versions listed, the system is vulnerable.Check Version:
In Solid Edge: Help > About Solid EdgeVerify Fix Applied:
Verify Solid Edge version is at least V224.0 Update 14 for SE2024 or V225.0 Update 6 for SE2025.📡 Detection & Monitoring
Log Indicators:
- Application crashes with access violation errors
- Unexpected Solid Edge process termination
- Windows Event Logs showing application faults
Network Indicators:
- Unusual outbound connections from engineering workstations
- File transfers of PRT files from untrusted sources
SIEM Query:
EventID=1000 AND Source="Application Error" AND ProcessName="Edge.exe"