PatchSiren cyber security CVE debrief
CVE-2025-23402 Siemens CVE debrief
CVE-2025-23402 is a use-after-free vulnerability in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation when parsing specially crafted WRL files. The issue can lead to code execution in the context of the current process, and the supplied CVSS vector indicates that both local access and user interaction are required. Siemens and CISA published remediation guidance on 2025-03-11, with a later 2025-05-06 revision noted as typo fixes only.
- Vendor: Siemens
- Product: Teamcenter Visualization V14.3
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-03-11
- Original CVE updated: 2025-05-06
- Advisory published: 2025-03-11
- Advisory updated: 2025-05-06
Who should care
Administrators and engineers responsible for Siemens Teamcenter Visualization or Tecnomatix Plant Simulation deployments, especially in industrial or engineering environments where WRL files may be opened or exchanged.
Technical summary
The advisory describes a use-after-free condition triggered during parsing of specially crafted WRL files. The supplied CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: the attack requires local access and user interaction but no privileges, and may permit execution of attacker-controlled code in the current process with high impact on confidentiality, integrity and availability. Affected products listed in the source include Teamcenter Visualization V14.3, V2312, V2406, V2412, and Tecnomatix Plant Simulation V2302 and V2404.
Defensive priority
High priority for affected Siemens environments: vendor fixes are available, and the issue can enable code execution if a malicious WRL file is opened. It is not listed in KEV in the supplied corpus, so this is urgent patching rather than emergency response.
Recommended defensive actions
- Apply the vendor updates listed in the advisory: Teamcenter Visualization V14.3.0.13 or later, V2312.0009 or later, V2406.0007 or later, V2412.0002 or later, Tecnomatix Plant Simulation V2302.0021 or later, and V2404.001
- Do not open untrusted WRL files in the affected applications until patching is complete.
- Limit file exchange from untrusted sources and apply least-privilege practices for users who handle engineering or visualization files.
- Review Siemens and CISA advisory pages for product-specific deployment guidance and validation steps before and after remediation.
Evidence notes
Based on the supplied CISA CSAF advisory ICSA-25-072-01 and Siemens advisory references, published 2025-03-11 and revised 2025-05-06 with a note indicating typo fixes. The corpus identifies six affected Siemens products, provides fixed-version thresholds for each, and includes a mitigation to avoid opening untrusted WRL files. The supplied enrichment marks the issue as not in KEV and with no known ransomware campaign use.
Official resources
- CVE-2025-23402 CVE record (CVE.org)
- CVE-2025-23402 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the CISA CSAF advisory on 2025-03-11, with a non-substantive revision on 2025-05-06 for typos. No KEV listing is present in the supplied corpus.