CVE-2025-40811
📋 TL;DR
An out-of-bounds read vulnerability in Solid Edge SE2024 and SE2025 allows attackers to crash the application or execute arbitrary code by tricking users into opening malicious PRT files. It affects SE2024 versions before V224.0 Update 14 and SE2025 versions before V225.0 Update 6. Users running these CAD software versions are at risk.
💻 Affected Systems
- Solid Edge SE2024
- Solid Edge SE2025
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the current user, potentially leading to full system compromise, data theft, or ransomware deployment.
Likely Case
Application crashes (denial of service) when processing malicious PRT files, disrupting engineering workflows.
If Mitigated
Limited impact if users only open trusted files from verified sources and have proper endpoint protection.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file). No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Solid Edge SE2024: V224.0 Update 14 or later; Solid Edge SE2025: V225.0 Update 6 or later
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-541582.html
Restart Required: Yes
Instructions:
1. Open Solid Edge.
2. Go to Help > Check for Updates.
3. Follow prompts to download and install the latest update.
4. Restart Solid Edge after installation completes.
🔧 Temporary Workarounds
Restrict PRT file handling
Configure Windows to open PRT files with a different application or block them via group policy to prevent automatic opening in Solid Edge.
🧯 If You Can't Patch
- Implement application whitelisting to block execution of older vulnerable Solid Edge versions.
- Educate users to only open PRT files from trusted sources and enable macro/script blocking in endpoint protection.
🔍 How to Verify
Check if Vulnerable:
Check Solid Edge version via Help > About. If SE2024 version is below V224.0 Update 14 or SE2025 version is below V225.0 Update 6, the system is vulnerable.
Check Version:
Not applicable - use GUI method in Solid Edge.
Verify Fix Applied:
After updating, verify the version in Help > About matches or exceeds the patched versions mentioned above.
📡 Detection & Monitoring
Log Indicators:
- Application crash logs from Solid Edge (Event ID 1000 in Windows Event Viewer)
- Unexpected process termination of sedge.exe
Network Indicators:
- Unusual outbound connections from Solid Edge process after file open
SIEM Query:
EventID=1000 AND SourceName="Application Error" AND ProcessName="sedge.exe"
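
The log indicator above can be checked on a single host with the following PowerShell, an added example that is not from this page or from the vendor. It assumes the standard Event ID 1000 payload order (application name, version, module, exception code), uses the process name given above, and picks a 30-day look-back window; the access-violation flag is an added heuristic, since an invalid read normally ends with exception code 0xc0000005.

```powershell
# Added example: list Application Error (Event ID 1000) records for the
# Solid Edge process named on this page.
param(
    [string]$ProcessName = 'sedge.exe',   # process name as given on this page
    [int]$Days = 30                       # look-back window (assumption)
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent reports an error when nothing matches; suppress it.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$crashes = foreach ($e in $events) {
    # Event 1000 payload: [0] faulting application, [1] its version,
    # [3] faulting module, [6] exception code, [7] fault offset.
    $p = $e.Properties
    if ($p.Count -lt 8) { continue }
    if ($p[0].Value -ne $ProcessName) { continue }   # -ne ignores case
    [pscustomobject]@{
        TimeCreated     = $e.TimeCreated
        AppVersion      = $p[1].Value
        FaultModule     = $p[3].Value
        ExceptionCode   = $p[6].Value
        FaultOffset     = $p[7].Value
        # c0000005 = STATUS_ACCESS_VIOLATION
        AccessViolation = ("$($p[6].Value)" -match '(?i)c0000005')
    }
}

$crashes | Sort-Object TimeCreated | Format-Table -AutoSize
```

A hit is a lead rather than proof of exploitation: correlate the crash time with the PRT file the user opened just before it and with the installed Solid Edge version.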