CVE-2025-40809 - Vulnerability Details

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contains an out of bounds write vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.

Attack Vector Local

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Siemens	Solid Edge Se2024 Solid Edge Se2025

Configuration 1 [-]

OR	cpe:2.3:a:siemens:solid_edge_se2024:-:::::::*
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:-::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0001::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_00010::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_00011::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_00012::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_00013::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0002::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0003::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0004::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0005::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0006::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0007::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0008::::::
	cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0009::::::
	cpe:2.3:a:siemens:solid_edge_se2025:-:::::::*
	cpe:2.3:a:siemens:solid_edge_se2025:225.0:-::::::
	cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0001::::::
	cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0002::::::
	cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0003::::::
	cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0004::::::
	cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0005::::::

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-541582.html

History

Thu, 16 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens solid Edge Se2024 Siemens solid Edge Se2025
CPEs		cpe:2.3:a:siemens:solid_edge_se2024:-:::::::* cpe:2.3:a:siemens:solid_edge_se2024:224.0:-:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_00010:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_00011:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_00012:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_00013:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0001:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0002:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0003:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0004:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0005:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0006:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0007:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0008:::::: cpe:2.3:a:siemens:solid_edge_se2024:224.0:update_0009:::::: cpe:2.3:a:siemens:solid_edge_se2025:-:::::::* cpe:2.3:a:siemens:solid_edge_se2025:225.0:-:::::: cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0001:::::: cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0002:::::: cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0003:::::: cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0004:::::: cpe:2.3:a:siemens:solid_edge_se2025:225.0:update_0005::::::
Vendors & Products		Siemens Siemens solid Edge Se2024 Siemens solid Edge Se2025

Tue, 14 Oct 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 14 Oct 2025 09:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14), Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applications contains an out of bounds write vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process.
Weaknesses		CWE-787
References		https://cert-portal.siemens.com/productcert/html/ssa-541582.html
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` cvssV4_0 `{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2025-10-14T09:15:27.478Z

Updated: 2025-10-14T19:03:33.965Z

Reserved: 2025-04-16T08:50:26.974Z

Link: CVE-2025-40809

Vulnrichment

Updated: 2025-10-14T19:03:31.063Z

NVD

Status : Analyzed

Published: 2025-10-14T10:15:39.580

Modified: 2025-10-16T14:03:17.823

Link: CVE-2025-40809

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object