PatchSiren

CVE-2025-23399 Siemens CVE debrief

CVE-2025-23399 is a high-severity Siemens memory-safety issue in Teamcenter Visualization and Tecnomatix Plant Simulation. According to the CISA/Siemens advisory, parsing specially crafted WRL files can trigger an out-of-bounds read past the end of an allocated structure, which could allow code execution in the context of the current process. The advisory was published on 2025-03-11 and later revised on 2025-05-06 for typo fixes.

Vendor: Siemens
Product: Teamcenter Visualization V14.3
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-03-11
Original CVE updated: 2025-05-06
Advisory published: 2025-03-11
Advisory updated: 2025-05-06

Who should care

Organizations running Siemens Teamcenter Visualization V14.3, V2312, V2406, or V2412, and Tecnomatix Plant Simulation V2302 or V2404, especially teams that open or import external WRL files. Security, desktop engineering, PLM/CAD, and operations teams should prioritize systems where untrusted files can reach the affected applications.

Technical summary

The vulnerability is an out-of-bounds read during WRL file parsing. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, which indicates a local attack path that still requires user interaction, consistent with a malicious file being opened by the victim. Siemens and CISA list fixed versions for each affected product line, and the source corpus does not indicate Known Exploited Vulnerabilities status.

Defensive priority

High. The flaw can lead to code execution in the current process, but exploitation depends on a user opening a specially crafted WRL file. Patch priority should be highest on endpoints or workstations that regularly process external WRL content.

Recommended defensive actions

  • Update Teamcenter Visualization V14.3 to V14.3.0.13 or later.
  • Update Teamcenter Visualization V2312 to V2312.0009 or later.
  • Update Teamcenter Visualization V2406 to V2406.0007 or later.
  • Update Teamcenter Visualization V2412 to V2412.0002 or later.
  • Update Tecnomatix Plant Simulation V2302 to V2302.0021 or later.
  • Update Tecnomatix Plant Simulation V2404 to V2404.0010 or later.
  • Do not open untrusted WRL files in affected applications.
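
The fixed-version list above can be turned into an inventory triage check. The following is an added example, not code from Siemens, CISA, or this site; it assumes installed versions are reported in the same dotted form the advisory uses, and the host names and inventory rows are constructed.

```python
import re

# Fixed versions per release line, copied from the list above.
FIXED = {
    ("Teamcenter Visualization", "V14.3"): "V14.3.0.13",
    ("Teamcenter Visualization", "V2312"): "V2312.0009",
    ("Teamcenter Visualization", "V2406"): "V2406.0007",
    ("Teamcenter Visualization", "V2412"): "V2412.0002",
    ("Tecnomatix Plant Simulation", "V2302"): "V2302.0021",
    ("Tecnomatix Plant Simulation", "V2404"): "V2404.0010",
}

def parse_version(text):
    """'V2312.0009' -> (2312, 9); numeric parts, so '0009' equals '9'."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def triage(product, installed):
    """Return 'vulnerable', 'fixed' or 'unlisted' for one installation."""
    inst = parse_version(installed)
    for (prod, line), fixed in FIXED.items():
        prefix = parse_version(line)
        if prod != product or inst[:len(prefix)] != prefix:
            continue
        fix = parse_version(fixed)
        width = max(len(inst), len(fix))
        pad = lambda v: v + (0,) * (width - len(v))  # V14.3 -> 14.3.0.0
        return "vulnerable" if pad(inst) < pad(fix) else "fixed"
    # Not one of the release lines named above; consult the advisory itself.
    return "unlisted"

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("ws-cad-01", "Teamcenter Visualization", "V14.3.0.12"),
    ("ws-cad-02", "Teamcenter Visualization", "V2312.0009"),
    ("ws-cad-03", "Teamcenter Visualization", "V2412.1"),
    ("ws-sim-01", "Tecnomatix Plant Simulation", "V2404.0010"),
    ("ws-sim-02", "Tecnomatix Plant Simulation", "V2201.0005"),
]

def report(inventory=INVENTORY):
    return [(host, triage(product, ver)) for host, product, ver in inventory]

if __name__ == "__main__":
    for host, status in report():
        print(f"{host}: {status}")
```

An "unlisted" result means only that the release line is not among those named above; it is not a statement that the installation is unaffected.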

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-25-072-01 and Siemens advisory SSA-050438, both cited in the supplied corpus. The source timeline shows publication on 2025-03-11 and a revision on 2025-05-06 that only fixed typos. The supplied enrichment marks this as not listed in CISA Known Exploited Vulnerabilities.

Official resources

Publicly disclosed on 2025-03-11 via CISA and Siemens advisories; revised on 2025-05-06 for typo corrections. No KEV entry is supplied in the enrichment data.