CVE-2025-40936

high

Description

A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258), Simcenter Femap (All versions < V2512.0003), Solid Edge (All versions < V226.00 Update 03). The affected applications contain an out-of-bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-05

https://cert-portal.siemens.com/productcert/html/ssa-445819.html

https://cert-portal.siemens.com/productcert/html/ssa-241605.html

https://cert-portal.siemens.com/productcert/html/ssa-870926.html

Details

Source: Mitre, NVD

Published: 2025-11-17

Updated: 2026-06-09

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 7.3

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00015