PatchSiren cyber security CVE debrief
CVE-2025-23398 Siemens CVE debrief
CVE-2025-23398 is a high-severity Siemens issue in Teamcenter Visualization and Tecnomatix Plant Simulation. According to the advisory, specially crafted WRL files can trigger memory corruption during parsing, which may allow code execution in the context of the current process. The CISA advisory was published on 2025-03-11 and later revised on 2025-05-06 for typos only.
- Vendor: Siemens
- Product: Teamcenter Visualization V14.3
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-03-11
- Advisory updated: 2025-05-06
Who should care
Organizations using Siemens Teamcenter Visualization V14.3, V2312, V2406, or V2412, and Tecnomatix Plant Simulation V2302 or V2404. This is especially relevant for engineering, manufacturing, and industrial environments where users may open imported 3D or visualization files from outside the trust boundary.
Technical summary
The supplied advisory describes a memory-corruption flaw in WRL file parsing. The CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a local attack vector with required user interaction. The likely trigger is opening a crafted WRL file in one of the affected Siemens applications, which could lead to code execution in the context of the current process if successfully exploited. Siemens lists fixed versions for each affected product line.
Defensive priority
High. The vulnerability is rated CVSS 7.8 (High), affects multiple Siemens product versions, and may lead to code execution after a user opens an untrusted file.
Recommended defensive actions
- Update Siemens Teamcenter Visualization V14.3 to V14.3.0.13 or later.
- Update Siemens Teamcenter Visualization V2312 to V2312.0009 or later.
- Update Siemens Teamcenter Visualization V2406 to V2406.0007 or later.
- Update Siemens Teamcenter Visualization V2412 to V2412.0002 or later.
- Update Siemens Tecnomatix Plant Simulation V2302 to V2302.0021 or later.
- Update Siemens Tecnomatix Plant Simulation V2404 to V2404.0010 or later.
- Do not open untrusted WRL files in affected applications.
- Use defense-in-depth controls for industrial/engineering endpoints, including least privilege and file handling restrictions where practical.
Evidence notes
Source evidence comes from the Siemens/CISA CSAF advisory for ICSA-25-072-01, which identifies the affected products, the WRL parsing memory-corruption condition, and the fixed versions. The timeline shows the initial publication date as 2025-03-11 and a later revision on 2025-05-06 with only typo fixes. The CVSS vector supplied with the advisory is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Official resources
- CVE-2025-23398 CVE record (CVE.org)
- CVE-2025-23398 NVD detail (NVD)
- Source item URL (cisa_csaf)
Published by CISA on 2025-03-11; revised on 2025-05-06 for typo corrections only. No KEV listing is present in the supplied data.