CVE-2025-25175
Published: 13 March 2025
Summary
CVE-2025-25175 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Siemens Simcenter Femap. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 29.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Mandates timely flaw remediation by applying vendor patches for the memory corruption vulnerability in Simcenter Femap's .NEU file parser.
Provides memory protection features like ASLR, DEP, and stack guards to block arbitrary code execution from memory corruption during file parsing.
Requires validation of file inputs such as .NEU files to restrict malformed data that triggers memory corruption in the affected application.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a memory corruption flaw in .NEU file parsing that enables arbitrary code execution when a user opens a malicious file, directly mapping to T1204.002 Malicious File.
NVD Description
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to…
more
execute code in the context of the current process. (ZDI-CAN-25443)
Deeper analysisAI
CVE-2025-25175 is a memory corruption vulnerability (CWE-119) in Simcenter Femap V2401 (all versions prior to V2401.0003) and Simcenter Femap V2406 (all versions prior to V2406.0002). The flaw arises during the parsing of specially crafted .NEU files, which can lead to arbitrary code execution in the context of the current process. Published on 2025-03-13, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
An attacker with local access can exploit this vulnerability by tricking a user into opening a malicious .NEU file in the affected Simcenter Femap application, requiring no privileges but relying on user interaction. Successful exploitation allows code execution with high impacts to confidentiality, integrity, and availability within the process context.
Siemens advisory SSA-920092 (https://cert-portal.siemens.com/productcert/html/ssa-920092.html) addresses the issue, with mitigation achieved by updating to Simcenter Femap V2401.0003 or later for the V2401 series, or V2406.0002 or later for the V2406 series. The vulnerability was reported as ZDI-CAN-25443.
Details
- CWE(s)