CVE-2026-12569
PTC · Windchill and FlexPLM
PTC Windchill and FlexPLM are vulnerable to improper input validation, which can be exploited. This vulnerability is confirmed as actively exploited in the wild.
Executive summary
PTC Windchill and FlexPLM are susceptible to an improper input validation vulnerability that is currently being exploited in the wild, posing a critical risk to organizational systems.
Vulnerability
The software contains an improper input validation vulnerability in its core functionality. Whether authentication is required depends on the deployment, but the flaw allows an attacker to supply crafted input data that produces unauthorized outcomes.
Business impact
The exploitation of this vulnerability can lead to unauthorized access, potential remote code execution, and compromise of proprietary design or product data. With a CVSS score of 9.5, the risk is extreme, and its inclusion in the CISA KEV catalog confirms that threat actors are actively leveraging this flaw to breach networks.
Remediation
Immediate Action: Apply the vendor-supplied security patches or mitigations immediately. Given the confirmed active exploitation, prioritize this update across all internet-exposed instances.
Proactive Monitoring: After the patch is applied, inspect server logs for unusual input patterns or unexpected process execution.
Compensating Controls: Deploy Web Application Firewall (WAF) rules designed to filter malicious input strings directed at the affected application endpoints.
Exploitation status
Public Exploit Available: True
Analyst recommendation
The severity of this vulnerability, combined with its status in the CISA KEV catalog, necessitates an immediate response. Administrators must prioritize the application of vendor mitigations to neutralize the threat of active exploitation and prevent unauthorized access to critical product lifecycle management environments.