CVE-2025-40764 HIGH

CVE-2025-40764

Vendor Siemens
Product Simcenter Femap V2406
Weakness CWE-125
Published August 12, 2025
Last update August 12, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contains an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.

Key dates

02Disclosure timeline

August 12, 2025 CVE published
August 12, 2025 Record updated