CVE-2026-1333
SOLIDWORKS · eDrawings
A Use of Uninitialized Variable vulnerability in SOLIDWORKS eDrawings allows arbitrary code execution when a user opens a specially crafted EPRT file.
Executive summary
SOLIDWORKS eDrawings is vulnerable to a high-severity flaw that allows remote attackers to execute arbitrary code via malicious EPRT files, potentially compromising the host workstation.
Vulnerability
This is a Use of Uninitialized Variable vulnerability triggered during the EPRT file reading procedure. An unauthenticated attacker can exploit this by inducing a user to open a specially crafted file, leading to memory corruption and code execution.
Business impact
A successful exploit allows an attacker to gain the same privileges as the user running the eDrawings application. This could lead to the theft of sensitive intellectual property, such as proprietary CAD designs, or serve as an entry point for lateral movement within the corporate network. The CVSS score of 7.8 reflects a high severity due to the potential for complete system compromise.
Remediation
Immediate Action: Apply the latest security updates provided by SOLIDWORKS for the 2025 and 2026 Desktop releases to patch the file-handling logic.
Proactive Monitoring: Monitor endpoint detection and response (EDR) logs for unusual child processes spawning from the eDrawings executable (eDrawings.exe).
Compensating Controls: Restrict the opening of EPRT files from untrusted or external sources and implement email filtering to block suspicious CAD file attachments.
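One way to implement the proactive-monitoring check above, as an added example (not SOLIDWORKS code and not part of the original advisory): it triages process-creation events for unexpected children of eDrawings.exe and records whether the opened EPRT file came from an untrusted folder. The allowlist, script-host list, untrusted folders, install path and sample events are constructed assumptions to tune per environment.

```python
import re
from pathlib import PureWindowsPath

# Assumptions to tune per environment; not vendor-published values.
EXPECTED_CHILDREN = {"edrawings.exe", "werfault.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
UNTRUSTED_DIRS = ("\\downloads\\", "\\temp\\", "\\content.outlook\\")
# Matches a drive-letter path ending in .eprt (quoted arguments assumed).
EPRT_RE = re.compile(r'([a-z]:\\[^"]*?\.eprt)', re.IGNORECASE)

def basename(path):
    return PureWindowsPath(path).name.lower()

def triage(event):
    """Return a finding for an unexpected child of eDrawings.exe, else None."""
    if basename(event.get("ParentImage", "")) != "edrawings.exe":
        return None
    child = basename(event.get("Image", ""))
    if child in EXPECTED_CHILDREN:
        return None
    match = EPRT_RE.search(event.get("ParentCommandLine", ""))
    eprt = match.group(1) if match else None
    untrusted = bool(eprt) and any(d in eprt.lower() for d in UNTRUSTED_DIRS)
    severity = "high" if child in SCRIPT_HOSTS or untrusted else "review"
    return {"time": event.get("UtcTime"), "child": child, "eprt": eprt,
            "untrusted_source": untrusted, "severity": severity}

# Constructed sample events using Sysmon Event ID 1 field names.
ED = r"C:\Program Files\eDrawings\eDrawings.exe"  # constructed install path
EXPLORER = r"C:\Windows\explorer.exe"

def sample(time, parent, opened, image):
    return {"UtcTime": time, "ParentImage": parent, "Image": image,
            "ParentCommandLine": f'"{parent}" "{opened}"'}

SAMPLE_EVENTS = [
    sample("2026-01-10 09:12:01", ED, r"C:\Users\alice\Downloads\bracket.eprt",
           r"C:\Windows\System32\cmd.exe"),          # script host: high
    sample("2026-01-10 09:30:44", ED, r"D:\Projects\housing.eprt",
           r"C:\Windows\System32\WerFault.exe"),     # expected child: ignored
    sample("2026-01-10 10:02:10", EXPLORER, r"D:\Projects\gear.eprt", ED),
    sample("2026-01-10 10:05:37", ED, r"D:\Projects\gear.eprt",
           r"C:\Windows\System32\notepad.exe"),      # unexpected: review
]

def run(events=SAMPLE_EVENTS):
    return [finding for finding in map(triage, events) if finding]

if __name__ == "__main__":
    for finding in run():
        print(finding)
```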
Exploitation status
Public Exploit Available: false
Analyst recommendation
The risk posed by arbitrary code execution in a widely used design tool is significant. Organizations using SOLIDWORKS Desktop 2025 or 2026 must prioritize this update. Ensure all engineering workstations are patched to prevent a single malicious file from compromising sensitive design data and internal systems.