PatchSiren

CVE-2025-12659 Cert Portal CVE debrief

CVE-2025-12659 affects Siemens Simcenter Femap and was published by CISA on 2026-05-12, with a republication update on 2026-05-14. The issue is a memory corruption vulnerability in IPT file parsing that could allow code execution in the context of the current process. The advisory’s CVSS 3.1 vector indicates local access and user interaction are required, and the overall severity is High (7.8). Siemens states that updating to V2512.0003 or later addresses the issue.

Vendor: Cert Portal
Product: Siemens Simcenter Femap vers:intdot/<2512.0003
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-12
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

Organizations using Siemens Simcenter Femap, especially engineering teams and workstations that open or process IPT files, should prioritize this advisory. Security teams responsible for desktop application patching and trusted-file handling should also pay attention because successful exploitation depends on user interaction rather than network exposure.

Technical summary

The CISA CSAF advisory describes a memory corruption condition while parsing specially crafted IPT files. The CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, which points to local execution conditions with required user interaction and potentially high impact if exploited. The source links the issue to ZDI-CAN-27349 and ZDI-CAN-27389. The remediation provided in the advisory is to update Siemens Simcenter Femap to V2512.0003 or later.

Defensive priority

High for affected engineering endpoints. Although the issue is not marked as KEV and is not described as a wormable or remote network service flaw, it can still lead to code execution in the current process when a crafted file is opened. Patch priority should be elevated for systems that regularly ingest external or partner-supplied IPT files.

Recommended defensive actions

  • Update Siemens Simcenter Femap to V2512.0003 or later as directed by the vendor.
  • Identify endpoints and engineering workstations that run Siemens Simcenter Femap and confirm version exposure.
  • Treat unsolicited or untrusted IPT files as higher risk until patching is complete.
  • Apply least-privilege controls and limit who can open externally sourced engineering files.
  • Use standard ICS and endpoint defense-in-depth practices for workstations handling industrial design files.
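
The version-exposure check from the second action above, as an added example that is not from the advisory, Siemens or CISA: it evaluates the affected range given on this page (vers:intdot/<2512.0003) against a software inventory export. The inventory rows, host names, CSV column names and the trailing-zero normalisation are assumptions constructed for illustration, and only a single-comparator range is handled.

```python
import csv
import io
import operator

AFFECTED = "vers:intdot/<2512.0003"   # affected range as given in the Product field

# Two-character comparators first so "<=" is not read as "<".
_OPS = {"<=": operator.le, ">=": operator.ge, "!=": operator.ne,
        "<": operator.lt, ">": operator.gt, "=": operator.eq}

# Constructed sample inventory (hosts and versions are illustrative, not real data).
INVENTORY = """\
host,version
eng-ws-01,V2512.0002
eng-ws-02,2512.0003
eng-ws-03,V2506.0001
eng-ws-04,2512.3.0
eng-ws-05,unknown
eng-ws-06,V2601.0000
"""

def parse_intdot(text):
    """'V2512.0003' -> (2512, 3): dot-separated integers compared numerically."""
    parts = text.strip().lstrip("Vv").split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-integer version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:   # assumption: 2512.3.0 equals 2512.3
        nums.pop()
    return tuple(nums)

def parse_constraint(vers):
    """Split a single-comparator vers:intdot range into (operator, bound)."""
    if not vers.startswith("vers:intdot/") or "|" in vers:
        raise ValueError("only a single vers:intdot constraint is supported")
    constraint = vers[len("vers:intdot/"):]
    for symbol, op in _OPS.items():
        if constraint.startswith(symbol):
            return op, parse_intdot(constraint[len(symbol):])
    raise ValueError(f"no comparator in {vers!r}")

def triage(inventory_csv, vers=AFFECTED):
    """Map each host to 'affected', 'not affected' or 'review' (unparseable)."""
    op, bound = parse_constraint(vers)
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            hit = op(parse_intdot(row["version"]), bound)
            result[row["host"]] = "affected" if hit else "not affected"
        except ValueError:
            result[row["host"]] = "review"   # never assume an unreadable version is patched
    return result

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "review" have a version string the check could not parse and need manual confirmation before they are counted as patched.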

Evidence notes

All core facts here come from the supplied CISA CSAF source for ICSA-26-134-05 and its referenced Siemens ProductCERT advisory. The advisory title is Siemens Simcenter Femap, the description states a memory corruption vulnerability while parsing specially crafted IPT files, and the remediation states to update to V2512.0003 or later. The CVSS vector in the source is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and no KEV listing was provided.

Official resources

Publicly disclosed by CISA on 2026-05-12, with a source republication/update on 2026-05-14. The supplied advisory does not indicate KEV inclusion.