CVE-2025-23397
Published: 11 March 2025
Summary
CVE-2025-23397 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Siemens Teamcenter Visualization. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 25.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring timely remediation through application of vendor patches that fix the memory corruption in WRL file parsing.
Implements memory safeguards like ASLR and DEP to protect against exploitation of memory corruption vulnerabilities such as CWE-119 leading to arbitrary code execution.
Requires validation of information inputs like WRL files to prevent malformed files from triggering the parsing flaw and memory corruption.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Memory corruption in WRL file parser enables arbitrary code execution upon opening a crafted file (T1203 Exploitation for Client Execution); requires user to open malicious file (T1204.002 Malicious File).
NVD Description
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions…
more
< V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
Deeper analysisAI
CVE-2025-23397 is a memory corruption vulnerability (CWE-119) affecting Siemens Teamcenter Visualization versions V14.3 (all versions prior to V14.3.0.13), V2312 (prior to V2312.0009), V2406 (prior to V2406.0007), and V2412 (prior to V2412.0002), as well as Tecnomatix Plant Simulation versions V2302 (prior to V2302.0021) and V2404 (prior to V2404.0010). The issue arises during the parsing of specially crafted WRL files, which can trigger the corruption.
With a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), the vulnerability can be exploited by a local attacker requiring no privileges but relying on user interaction. An attacker could craft a malicious WRL file and convince a user to open it within an affected application, potentially achieving arbitrary code execution in the context of the current process.
The Siemens product CERT advisory (SSA-050438) details mitigation through updating to the specified patched versions or later. Further information, including full patch details, is available at https://cert-portal.siemens.com/productcert/html/ssa-050438.html.
Details
- CWE(s)