cve-2025-12659

CVE-2025-12659 is a high-severity heap-based buffer overflow vulnerability in the Datakit library used by Siemens Simcenter Femap versions before V2512.0003. It can be triggered when a user opens a malicious Autodesk Inventor IPT file, as detailed in Siemens and CISA advisories from May 2026. This vulnerability highlights that engineering workstations running Windows are not immune to file-parser attacks, placing them in the same threat model as email clients and browsers. For Windows shops using Femap, the recommended actions are to update to the patched version, restrict untrusted file handling, and avoid treating CAE tools as low-risk. The tag covers discussions on patching, security advisories, and mitigation strategies for this specific CVE.