CVE-2025-6971
📋 TL;DR
A Use After Free vulnerability in SOLIDWORKS eDrawings allows attackers to execute arbitrary code when users open malicious CATPRODUCT files. This affects SOLIDWORKS Desktop 2025 users who process CATPRODUCT files. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- SOLIDWORKS eDrawings
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker gaining full control of the affected system, data theft, and lateral movement within the network.
Likely Case
Local privilege escalation leading to installation of malware, ransomware, or backdoors on the user's workstation.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions preventing system-wide compromise.
🎯 Exploit Status
Exploitation requires user interaction to open malicious CATPRODUCT file. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patch version
Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6971
Restart Required: Yes
Instructions:
1. Visit the vendor advisory URL
2. Download the latest patch/update for SOLIDWORKS Desktop 2025
3. Install the update following vendor instructions
4. Restart the system
🔧 Temporary Workarounds
Disable CATPRODUCT file association
windowsRemove file association for CATPRODUCT files to prevent automatic opening in eDrawings
Control Panel > Default Programs > Associate a file type or protocol with a program > Select .CATPRODUCT > Change program > Choose different application
Use application sandboxing
windowsRun eDrawings in a sandboxed environment to limit potential damage
🧯 If You Can't Patch
- Restrict user privileges to prevent system-wide compromise if exploited
- Implement application whitelisting to block unauthorized executables
🔍 How to Verify
Check if Vulnerable:
Check SOLIDWORKS version in Help > About SOLIDWORKS eDrawingsCheck Version:
In eDrawings: Help > About SOLIDWORKS eDrawingsVerify Fix Applied:
Verify version is updated beyond vulnerable release and test with known safe CATPRODUCT files📡 Detection & Monitoring
Log Indicators:
- Unexpected crashes of eDrawings.exe
- Suspicious child processes spawned from eDrawings
- Unusual file access patterns from eDrawings process
Network Indicators:
- Outbound connections from eDrawings process to unknown destinations
- DNS requests for suspicious domains from eDrawings
SIEM Query:
Process Creation where ParentImage contains 'eDrawings.exe' and CommandLine contains suspicious patterns