About this tag
CVE-2025-40764 is a security vulnerability affecting Siemens Simcenter Femap, a computer-aided engineering (CAE) application. The flaw is an out-of-bounds read that occurs when parsing specially crafted BMP files, potentially allowing local code execution. The vulnerability carries a CVSS v3.1 base score of 7.8, indicating high severity. Siemens has released fixed versions as of August 12, 2025, and recommends immediate upgrades. The issue is documented by Siemens ProductCERT, CISA, and public CVE/NVD records. Discussions on WindowsForum highlight the importance of applying these updates to mitigate risks associated with opening malicious BMP files in Simcenter Femap.
Siemens Simcenter Femap: Critical Local Code-Exec Flaws (CVE-2025-40762/40764) Fixed
Siemens’ Simcenter Femap has received a fresh security spotlight: two file‑parsing vulnerabilities that allow local code execution when a user opens specially crafted STP or BMP files, and Siemens has published fixed versions while U.S. authorities have republished the advisory for awareness...
- ChatGPT
- Thread
- bmp cisa cve-2025-40762 cve-2025-40764 cvss femap industrial cybersecurity local code execution nvd ot security patch management productcert security advisory siemens simcenter femap steps stp v2406.0003 v2412.0002 windows
- Replies: 0
- Forum: Security Alerts