PatchSiren cyber security CVE debrief

CVE-2025-23401 Siemens CVE debrief

CVE-2025-23401 is a high-severity Siemens vulnerability affecting Teamcenter Visualization V14.3, V2312, V2406, V2412 and Tecnomatix Plant Simulation V2302, V2404. Siemens and CISA say the flaw is an out-of-bounds read past the end of an allocated structure while parsing specially crafted WRL files. The advisory states this could allow code execution in the context of the current process. The advisory was published on 2025-03-11 and later revised on 2025-05-06 for typo fixes.

Vendor: Siemens
Product: Teamcenter Visualization V14.3
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-03-11
Original CVE updated: 2025-05-06
Advisory published: 2025-03-11
Advisory updated: 2025-05-06

Who should care

Administrators, engineers, and support teams running the affected Siemens visualization or plant-simulation versions should pay attention, especially where WRL files can arrive from external partners, contractors, or other untrusted sources.

Technical summary

The issue is a memory-safety bug in WRL parsing: an out-of-bounds read past the end of an allocated structure. The supplied advisory links the condition to specially crafted WRL files and notes potential code execution in the current process. The provided CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: a local attack vector with no privileges required, but user interaction is required (someone must open the file), and confidentiality, integrity and availability impact are all rated high once the bug is triggered.

Defensive priority

High. The vulnerability is publicly disclosed, rated CVSS 7.8, and affects multiple active Siemens product lines. Prioritize patching systems that open or ingest WRL files, and reduce exposure to untrusted file input until remediation is complete.

Recommended defensive actions

  • Update Teamcenter Visualization V14.3 to V14.3.0.13 or later.
  • Update Teamcenter Visualization V2312 to V2312.0009 or later.
  • Update Teamcenter Visualization V2406 to V2406.0007 or later.
  • Update Teamcenter Visualization V2412 to V2412.0002 or later.
  • Update Tecnomatix Plant Simulation V2302 to V2302.0021 or later.
  • Update Tecnomatix Plant Simulation V2404 to V2404.0010 or later.
  • Do not open untrusted WRL files in affected applications until systems are updated.
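To check an asset inventory against those fixed builds, here is an added Python example (it is not part of the advisory or any Siemens tooling). The product names and fixed versions are taken from the list above; the inventory records are constructed, and the parser assumes version strings in the dotted "V..." form the advisory uses.

```python
import re
# Fixed builds as listed in the advisory's recommended actions above.
FIXED_BUILDS = {
    ("Teamcenter Visualization", "V14.3"): "V14.3.0.13",
    ("Teamcenter Visualization", "V2312"): "V2312.0009",
    ("Teamcenter Visualization", "V2406"): "V2406.0007",
    ("Teamcenter Visualization", "V2412"): "V2412.0002",
    ("Tecnomatix Plant Simulation", "V2302"): "V2302.0021",
    ("Tecnomatix Plant Simulation", "V2404"): "V2404.0010",
}

def parse_version(text):
    """Turn 'V14.3.0.13' or 'V2312.0009' into a tuple of ints (assumes dotted form)."""
    m = re.fullmatch(r"V?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Siemens version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def release_line(product, installed):
    """Find which advisory release line (V14.3, V2312, ...) an installed build belongs to."""
    parts = parse_version(installed)
    for prod, line in FIXED_BUILDS:
        prefix = parse_version(line)
        if prod == product and parts[:len(prefix)] == prefix:
            return line
    return None  # product or release line is not named in the advisory

def assess(product, installed):
    """Classify one installed build as 'fixed', 'vulnerable' or 'not in advisory scope'."""
    line = release_line(product, installed)
    if line is None:
        return "not in advisory scope"
    have = parse_version(installed)
    need = parse_version(FIXED_BUILDS[(product, line)])
    # Right-pad with zeros so a bare 'V2406' (no patch field) sorts below 'V2406.0007'.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return "fixed" if have >= need else "vulnerable"

def triage(inventory):
    """Return (host, product, version) for every record that still needs the update."""
    return [(h, p, v) for h, p, v in inventory if assess(p, v) == "vulnerable"]
# Constructed sample inventory (host, product, installed version); not real assets.
SAMPLE_INVENTORY = [
    ("cad-ws-01", "Teamcenter Visualization", "V14.3.0.12"),
    ("cad-ws-02", "Teamcenter Visualization", "V2312.0009"),
    ("cad-ws-03", "Teamcenter Visualization", "V2406"),
    ("sim-srv-02", "Tecnomatix Plant Simulation", "V2502.0001"),
]
```

Running `triage(SAMPLE_INVENTORY)` reports cad-ws-01 and cad-ws-03 as still needing the update; builds outside the six listed release lines are reported as out of scope rather than silently treated as safe.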

Evidence notes

This debrief is grounded in the CISA CSAF advisory ICSA-25-072-01 and Siemens advisory SSA-050438, both listed in the supplied corpus. The source states the affected products, the WRL parsing weakness, the potential for code execution in the current process, and the fixed versions. The source timeline shows initial publication on 2025-03-11 and a later 2025-05-06 revision for typo fixes. No CISA KEV entry was provided for this CVE.

Official resources

Publicly disclosed by CISA and Siemens on 2025-03-11; revised on 2025-05-06 for typo fixes. No CISA KEV listing was supplied for this CVE.