CVE-2026-1335

SOLIDWORKS · eDrawings

An Out-Of-Bounds Write vulnerability in the EPRT file reading procedure of SOLIDWORKS eDrawings allows for arbitrary code execution via crafted files.

Executive summary

SOLIDWORKS eDrawings is susceptible to an Out-Of-Bounds Write vulnerability that enables remote code execution, posing a high risk to workstations handling CAD data.

Vulnerability

This vulnerability involves an Out-Of-Bounds Write during the processing of EPRT files. An unauthenticated attacker can leverage this flaw by providing a specially crafted file that, when opened, writes malicious data outside of intended memory boundaries.

Business impact

Exploitation of this flaw can lead to complete loss of system integrity and the execution of unauthorized commands with user-level permissions. The high CVSS score of 7.8 is justified by the ease with which a malicious file can be distributed via phishing or social engineering to compromise high-value engineering targets.

Remediation

Immediate Action: Deploy the official vendor security patches for SOLIDWORKS Desktop 2025 and 2026 to remediate the vulnerable file-reading function.

Proactive Monitoring: Use endpoint security tools to alert on memory corruption events or unexpected network connections originating from the eDrawings application.

Compensating Controls: Utilize a Web Gateway or Email Security Appliance to scan and block EPRT files containing suspicious structures or those originating from unverified external sources.
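
The compensating control above, as an added example (not from the advisory or the vendor): a Python mail-gateway filter that quarantines messages carrying EPRT attachments unless the sender's domain is on an allowlist. The domain names, the allowlist, the function names and the sample messages are constructed assumptions, and the From domain is assumed to have been authenticated upstream (SPF/DKIM/DMARC).

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains the organisation has verified as senders of CAD data.
TRUSTED_DOMAINS = {"example-supplier.test"}
BLOCKED_EXT = ".eprt"


def eprt_attachments(msg):
    """Return filenames of EPRT attachments (extension matched case-insensitively)."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower().endswith(BLOCKED_EXT):
            names.append(name)
    return names


def sender_domain(msg):
    """Domain of the From address; only meaningful after SPF/DKIM/DMARC checks."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def gateway_decision(raw):
    """Return (action, eprt_filenames) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = eprt_attachments(msg)
    if hits and sender_domain(msg) not in TRUSTED_DOMAINS:
        return ("quarantine", hits)
    return ("deliver", hits)


def build_sample(sender, filename):
    """Constructed test message with one binary attachment (not a real EPRT file)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "engineer@corp.test"
    m["Subject"] = "Updated part"
    m.set_content("See attached.")
    m.add_attachment(b"\x00constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    print(gateway_decision(build_sample("Vendor <cad@unknown.test>", "Bracket.EPRT")))
```

Extension matching is only a first gate: it does not inspect file structure and misses EPRT files wrapped in archives, so it complements patching rather than replacing it.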

Exploitation status

Public Exploit Available: false

Analyst recommendation

Immediate remediation is required to protect against potential code execution attacks. Organizations must ensure that all instances of eDrawings are updated to the latest version. Delaying these updates leaves the environment vulnerable to targeted attacks aimed at compromising industrial designs.