CVE-2025-23399
Published: 11 March 2025
Summary
CVE-2025-23399 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Siemens Teamcenter Visualization. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 30.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring timely identification, reporting, and patching of the out-of-bounds read flaw in affected Teamcenter Visualization and Tecnomatix Plant Simulation versions during WRL file parsing.
Implements memory protection mechanisms such as ASLR and DEP to prevent arbitrary code execution from the out-of-bounds read past allocated structures in the vulnerable applications.
Validates specially crafted WRL file inputs to reject malformed structures that trigger the out-of-bounds read during parsing in the affected Siemens applications.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is triggered by parsing a specially crafted WRL file, directly matching malicious file delivery that requires user interaction to open, leading to arbitrary code execution in the application process.
NVD Description
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions…
more
< V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
Deeper analysisAI
CVE-2025-23399 is an out-of-bounds read vulnerability (CWE-125) identified in multiple versions of Siemens Teamcenter Visualization and Tecnomatix Plant Simulation. It affects Teamcenter Visualization V14.3 (all versions prior to V14.3.0.13), V2312 (all versions prior to V2312.0009), V2406 (all versions prior to V2406.0007), and V2412 (all versions prior to V2412.0002), as well as Tecnomatix Plant Simulation V2302 (all versions prior to V2302.0021) and V2404 (all versions prior to V2404.0010). The issue arises during parsing of specially crafted WRL files, potentially leading to code execution in the context of the current process. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and was published on 2025-03-11.
Exploitation requires local access to the system (AV:L) with low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R), such as convincing a user to open a malicious WRL file in one of the affected applications. No scope change occurs (S:U). Successful exploitation enables an attacker to achieve high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H) through arbitrary code execution in the process context.
The Siemens Security Advisory SSA-050438, available at https://cert-portal.siemens.com/productcert/html/ssa-050438.html, details mitigation steps, including upgrading to the patched versions specified for each affected product.
Details
- CWE(s)