CVE-2025-6972 in SOLIDWORKS eDrawings

Summary

by MITRE • 07/15/2025

Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file.


Analysis

by VulDB Data Team • 07/21/2025

CVE-2025-6972 is a critical use-after-free flaw in SOLIDWORKS eDrawings, located in the CATPRODUCT file reading procedure of the SOLIDWORKS Desktop 2025 release. It is classified as CWE-416 (Use After Free), the memory safety weakness in which code keeps referencing memory that has already been released, leading to unpredictable behavior and, in the worst case, exploitation. The flaw is triggered when eDrawings processes a specially crafted CATPRODUCT file; these files are commonly used for sharing 3D CAD models and technical drawings within the SOLIDWORKS ecosystem.

The defect lies in the file parsing phase, when the application reads and processes a maliciously constructed CATPRODUCT file. While opening such a file, eDrawings allocates memory for file structures and later frees that memory as part of normal processing. Because of improper memory management in the CATPRODUCT reading procedure, the application can continue to reference the freed location, which is the use-after-free condition. An attacker who controls the file contents can use this memory corruption to overwrite critical memory regions and potentially execute arbitrary code in the context of the running eDrawings process.
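The paragraph above describes the general CWE-416 shape: a record allocated while reading the file is freed during processing, yet the parser keeps using the stale pointer. The following is an added illustrative model of that pattern, not eDrawings code; the part record layout, the sample component list and the "drop unreferenced parts" step are all hypothetical, chosen only to show the vulnerable loop beside a hardened rewrite.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-component record, standing in for whatever structure a
   product-file reader allocates per part (not the real CATPRODUCT layout). */
typedef struct part { char name[32]; int refs; struct part *next; } part_t;

/* Constructed sample: three components, the first of which is unreferenced. */
part_t *build_sample_list(void) {
    const char *names[] = {"bracket", "shaft", "housing"};   /* constructed */
    part_t *head = NULL;
    for (int i = 2; i >= 0; i--) {
        part_t *p = calloc(1, sizeof *p);
        if (!p) exit(1);
        strncpy(p->name, names[i], sizeof p->name - 1);
        p->refs = i; p->next = head; head = p;   /* "bracket" ends up with refs == 0 */
    }
    return head;
}

/* Vulnerable shape (CWE-416): the record is freed during normal processing,
   but the loop increment then reads p->next out of the freed block. Shown
   for contrast only; it is never called here. */
void drop_unreferenced_vulnerable(part_t **head) {
    for (part_t *p = *head; p; p = p->next)        /* p->next read after free(p): UAF */
        if (p->refs == 0) { *head = p->next; free(p); }
}

/* Hardened shape: unlink through a pointer-to-pointer, so the successor is
   captured before the block is released and the freed block is never touched again. */
void drop_unreferenced_fixed(part_t **head) {
    for (part_t **link = head; *link; ) {
        part_t *p = *link;
        if (p->refs != 0) { link = &p->next; continue; }
        *link = p->next;                 /* unlink first, then free; p is not read afterwards */
        free(p);
    }
}

int count_parts(const part_t *p) { int n = 0; for (; p; p = p->next) n++; return n; }
void free_list(part_t *p) { while (p) { part_t *nx = p->next; free(p); p = nx; } }

/* Runs the hardened step over the sample and returns the surviving part count. */
int process_sample_product(void) {
    part_t *list = build_sample_list();
    drop_unreferenced_fixed(&list);
    int n = count_parts(list);
    free_list(list);
    return n;
}
```

Building with AddressSanitizer (`-fsanitize=address`) and calling the vulnerable variant reports the heap-use-after-free at the loop increment, which is the kind of dynamic check the mitigation section below recommends for file-format parsers.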

The operational impact goes beyond simple privilege escalation: because exploitation only requires a user to open the file, the flaw is a remote code execution vector that can be reached through social engineering. Attackers can distribute malicious CATPRODUCT files by email attachment, through compromised websites, or via file sharing platforms, where users may open them for legitimate business purposes. The vulnerability affects users who have SOLIDWORKS Desktop 2025 installed, which is particularly concerning for organizations that rely heavily on 3D CAD modeling and engineering collaboration tools. The attack surface is significant because CATPRODUCT files are routinely exchanged between engineering teams, suppliers, and clients, so a malicious file can arrive through an entirely expected transfer channel.

Mitigation should combine immediate defensive measures with longer-term architectural improvements. Organizations should apply the vendor's security patches to every instance of SOLIDWORKS Desktop 2025 through their normal patch management process. In addition, email filtering and endpoint protection should be configured to detect and block suspicious CATPRODUCT attachments. From a detection standpoint, the vulnerability maps to ATT&CK technique T1203 (Exploitation for Client Execution), which covers code execution triggered by malicious files opened in a client application, so security teams should monitor for unusual file opening patterns and enforce application allowlisting where possible. The use-after-free condition also underlines the importance of memory safety practices in software that parses external file formats, and reinforces the need for code review backed by static and dynamic analysis tools to find similar memory corruption defects.

Responsible: 3DS

Reservation: 07/01/2025

Disclosure: 07/15/2025

Moderation: accepted

CPE: ready

EPSS: 0.00161

KEV: no

Activities: very low

Sources
