CVE-2025-40936_CVE-2025-40936

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258). The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)

Basic Information

ID CVE-2025-40936

Source siemens

Published Nov 17, 2025 at 11:39

Modified Nov 17, 2025 at 14:03

Affected Product

Vendor Siemens

Product PS/IGES Parasolid Translator Component

Affected Versions Siemens PS/IGES Parasolid Translator Component 0

CWE Classification

CWE-125

References

cert-portal.siemens.com /productcert/html/ssa-241605.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258). The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)",
    "published": "2025-11-17T11:39:23.557Z",
    "modified": "2025-11-17T14:03:32.515Z",
    "type": "cve",
    "title": "CVE-2025-40936",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-241605.html",
    "id": "CVE-2025-40936",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "Siemens PS/IGES Parasolid Translator Component 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PS/IGES Parasolid Translator Component",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}