CVE-2025-40936 HIGH

CVE-2025-40936

Vendor Siemens
Product PS/IGES Parasolid Translator Component
Weakness CWE-125
Published November 17, 2025
Last update June 9, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258), Simcenter Femap (All versions < V2512.0003), Solid Edge (All versions < V226.00 Update 03). The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)

Key dates

02Disclosure timeline

November 17, 2025 CVE published
June 9, 2026 Record updated