CVE-2025-6973
📋 TL;DR
A Use After Free vulnerability in SOLIDWORKS eDrawings allows attackers to execute arbitrary code when users open malicious JT files. This affects SOLIDWORKS Desktop 2025 users who process JT files. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- SOLIDWORKS eDrawings
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with SYSTEM/administrator privileges leading to full system compromise, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to malware installation, data exfiltration, or persistence mechanisms on the affected workstation.
If Mitigated
Limited impact with application crash or denial of service if exploit fails or security controls block execution.
🎯 Exploit Status
Exploitation requires user interaction to open a malicious file. No public exploits are known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SOLIDWORKS 2025 SP1 or later updates
Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6973
Restart Required: Yes
Instructions:
1. Open SOLIDWORKS.
2. Go to Help > Check for Updates.
3. Install all available updates.
4. Restart computer.
5. Verify version is updated.
🔧 Temporary Workarounds
Block JT file extensions
Windows: Prevent opening of JT files via group policy or application control
Disable eDrawings file association
Windows: Remove JT file association with eDrawings application
🧯 If You Can't Patch
- Implement application whitelisting to block unauthorized executables
- Restrict user permissions to prevent privilege escalation
🔍 How to Verify
Check if Vulnerable:
Check SOLIDWORKS version in Help > About SOLIDWORKS. If version is 2025 without SP1, system is vulnerable.
Check Version:
Not applicable - check via GUI in Help > About SOLIDWORKS
Verify Fix Applied:
Verify version shows 2025 SP1 or later in Help > About SOLIDWORKS.
📡 Detection & Monitoring
Log Indicators:
- Application crashes in eDrawings
- Unusual process creation from eDrawings.exe
- Failed file opens of JT files
Network Indicators:
- Outbound connections from eDrawings process to unknown IPs
- Unusual network traffic following JT file open
SIEM Query:
Process Creation where Image contains 'edrawings' AND CommandLine contains '.jt'
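The query and the "unusual process creation from eDrawings.exe" indicator can be combined into one correlation rule. The following is an added example, not part of the original advisory or any vendor tooling: it assumes process-creation events with Sysmon Event ID 1 style fields, and every event value, path and the 300-second window are constructed for illustration.

```python
import ntpath

WINDOW = 300  # assumed: seconds after a JT open in which a child process is suspicious

# Constructed events with Sysmon Event ID 1 style fields; all values are made up.
EVENTS = [
    {"t": 100, "pid": 4100, "ppid": 900,
     "image": r"C:\Program Files\eDrawings\eDrawings.exe",
     "cmd": r'eDrawings.exe "C:\Users\a\Downloads\bracket.JT"'},
    {"t": 130, "pid": 4200, "ppid": 4100,
     "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c whoami"},
    {"t": 200, "pid": 5000, "ppid": 900,
     "image": r"C:\Program Files\eDrawings\eDrawings.exe",
     "cmd": r'eDrawings.exe "C:\parts\gear.edrw"'},
    {"t": 210, "pid": 5100, "ppid": 5000,
     "image": r"C:\Windows\System32\splwow64.exe", "cmd": "splwow64.exe 8192"},
    {"t": 900, "pid": 6000, "ppid": 4100,
     "image": r"C:\Windows\System32\notepad.exe", "cmd": "notepad.exe"},
]

def is_jt_open(ev):
    """The page's query: Image contains 'edrawings' AND CommandLine contains '.jt'."""
    return "edrawings" in ev["image"].lower() and ".jt" in ev["cmd"].lower()

def find_suspicious_children(events, window=WINDOW):
    """Return (child_event, jt_open_event) pairs: a process created by an
    eDrawings instance within `window` seconds of that instance opening a JT file."""
    jt_opens = {}  # pid of an eDrawings instance -> its JT-open event
    hits = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if is_jt_open(ev):
            jt_opens[ev["pid"]] = ev
            continue
        parent = jt_opens.get(ev["ppid"])
        if parent and 0 <= ev["t"] - parent["t"] <= window:
            hits.append((ev, parent))
    return hits

if __name__ == "__main__":
    for child, parent in find_suspicious_children(EVENTS):
        print(f"ALERT t={child['t']} {ntpath.basename(child['image'])} "
              f"spawned by eDrawings pid {parent['pid']} after: {parent['cmd']}")
```

The command-line match only sees JT files passed as an argument (for example by double-click); a file opened from inside an already running eDrawings window will not appear in process-creation events and needs file-access telemetry instead.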