SOLIDWORKS eDrawings 2025 < 2025 SP3 Multiple Vulnerabilities

High | Nessus Plugin ID 242324

Synopsis

The remote host is missing a security update.

Description

The version of SOLIDWORKS eDrawings installed on the remote host is 2025 prior to 2025 SP3. It is, therefore, affected by multiple vulnerabilities:

- An Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. (CVE-2025-0831)

- A Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. (CVE-2025-6971)

- A Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. (CVE-2025-6972)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to a version later than SOLIDWORKS eDrawings version 2025 SP3.

See Also

https://www.3ds.com/vulnerability/advisories

Plugin Details

Severity: High

ID: 242324

File Name: solidworks_edrawings_2025_sp3.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 7/18/2025

Updated: 7/18/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-0831

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:3ds:solidworks

Required KB Items: installed_sw/SOLIDWORKS eDrawings

Patch Publication Date: 7/7/2025

Vulnerability Publication Date: 7/15/2025

Reference Information

CVE: CVE-2025-0831, CVE-2025-6971, CVE-2025-6972, CVE-2025-6973, CVE-2025-6974, CVE-2025-7042

IAVA: 2025-A-0531