CVE-2025-6974— Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-6974
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用未经初始化的变量
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dassault Systèmes SOLIDWORKS eDrawings 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dassault Systèmes SOLIDWORKS eDrawings是法国达索系统(Dassault Systèmes)公司的一款用于查看、共享和标注 2D/3D 设计文件的协作工具。 Dassault Systèmes SOLIDWORKS eDrawings 存在安全漏洞,该漏洞源于JT文件读取过程中存在未初始化变量,可能导致执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Dassault Systèmes | SOLIDWORKS eDrawings | Release SOLIDWORKS Desktop 2025 SP0 ~ Release SOLIDWORKS Desktop 2025 SP2 | - |
II. Public POCs for CVE-2025-6974
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-6974
Please Login to view more intelligence information
Same Patch Batch · Dassault Systèmes · 2025-07-15 · 6 CVEs total
| CVE-2025-6973 | 7.8 HIGH | Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawin |
| CVE-2025-6971 | 7.8 HIGH | Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS |
| CVE-2025-6972 | 7.8 HIGH | Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS |
| CVE-2025-7042 | 7.8 HIGH | Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawi |
| CVE-2025-0831 | 7.8 HIGH | Out-Of-Bounds Read vulnerability exists in the JT file reading procedure in SOLIDWORKS eDr |
IV. Related Vulnerabilities
Same product: SOLIDWORKS eDrawings
- CVE-2026-1335
Out-Of-Bounds Write vulnerability affecting the EPRT file re - CVE-2026-1334
Out-Of-Bounds Read vulnerability affecting the EPRT file rea - CVE-2026-1333
Use of Uninitialized Variable vulnerability affecting the EP - CVE-2026-1284
Out-Of-Bounds Write vulnerability affecting the EPRT file re - CVE-2026-1283
Heap-based Buffer Overflow vulnerability affecting the EPRT
Same vendor: Dassault Systèmes
- CVE-2025-10559
Path Traversal vulnerability affecting Factory Resource Mana - CVE-2025-10553
Stored Cross-site Scripting (XSS) vulnerability affecting Fa - CVE-2025-10551
Stored Cross-site Scripting (XSS) vulnerability affecting Do - CVE-2026-3476
Code Injection vulnerability affecting SOLIDWORKS Desktop fr - CVE-2026-2101
Reflected Cross-site Scripting (XSS) vulnerability affecting
V. Comments for CVE-2025-6974
No comments yet