CVE-2025-9450 - Vulnerability Details - OpenCVE

A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Dassault	Edrawings

No data.

No data.

References

Link	Providers
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9450

History

Thu, 18 Sep 2025 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dassault Dassault edrawings
Vendors & Products		Dassault Dassault edrawings

Wed, 17 Sep 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 17 Sep 2025 06:30:00 +0000

Type	Values Removed	Values Added
Description		A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
Title		Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
Weaknesses		CWE-457
References		https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9450
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: 3DS

Published: 2025-09-17T06:13:25.958Z

Updated: 2025-09-17T12:51:00.889Z

Reserved: 2025-08-25T14:10:46.630Z

Link: CVE-2025-9450

Vulnrichment

Updated: 2025-09-17T12:50:56.658Z

NVD

Status : Awaiting Analysis

Published: 2025-09-17T07:15:43.030

Modified: 2025-09-17T14:18:55.093

Link: CVE-2025-9450

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9450", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2025-08-25T14:10:46.630Z", "datePublished": "2025-09-17T06:13:25.958Z", "dateUpdated": "2025-09-17T12:51:00.889Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2025-09-17T06:13:25.958Z"}, "title": "Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-457", "description": "CWE-457 Use of Uninitialized Variable", "type": "CWE"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "SOLIDWORKS eDrawings", "versions": [{"status": "affected", "version": "Release SOLIDWORKS Desktop 2025 SP0", "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file."}]}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9450"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-17T12:50:53.364662Z", "id": "CVE-2025-9450", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T12:51:00.889Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9450", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-17T12:50:53.364662Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T12:50:56.658Z"}}], "cna": {"title": "Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "SOLIDWORKS eDrawings", "versions": [{"status": "affected", "version": "Release SOLIDWORKS Desktop 2025 SP0", "versionType": "custom", "lessThanOrEqual": "Release SOLIDWORKS Desktop 2025 SP3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9450"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.", "supportingMedia": [{"type": "text/html", "value": "A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-457", "description": "CWE-457 Use of Uninitialized Variable"}]}], "providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2025-09-17T06:13:25.958Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9450", "state": "PUBLISHED", "dateUpdated": "2025-09-17T12:51:00.889Z", "dateReserved": "2025-08-25T14:10:46.630Z", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "datePublished": "2025-09-17T06:13:25.958Z", "assignerShortName": "3DS"}, "dataVersion": "5.1"}