CVE-2025-27438
First published: Tue Mar 11 2025(Updated: )
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Teamcenter Visualization | <14.3.0.13 | |
| Siemens Teamcenter Visualization | <2312.0009 | |
| Siemens Teamcenter Visualization | <2406.0007 | |
| Siemens Teamcenter Visualization | <2412.0002 | |
| Siemens Tecnomatix Plant Simulation | <2302.0021 | |
| Siemens Tecnomatix Plant Simulation | <2404.0010 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-27438?
The CVE-2025-27438 vulnerability is rated as a critical security issue affecting multiple versions of Siemens Teamcenter Visualization and Tecnomatix Plant Simulation.
Which versions are affected by CVE-2025-27438?
CVE-2025-27438 affects all versions of Siemens Teamcenter Visualization prior to V14.3.0.13, V2312 prior to V2312.0009, V2406 prior to V2406.0007, and V2412 prior to V2412.0002, as well as specific versions of Tecnomatix Plant Simulation.
How do I fix CVE-2025-27438?
To mitigate CVE-2025-27438, users should upgrade to the latest patched versions of Siemens Teamcenter Visualization or Tecnomatix Plant Simulation.
What products are impacted by CVE-2025-27438?
CVE-2025-27438 impacts Siemens Teamcenter Visualization and Siemens Tecnomatix Plant Simulation software.
Is there a workaround for CVE-2025-27438?
Currently, there are no known effective workarounds for CVE-2025-27438, so upgrading the software is recommended.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/siemens
- canonical/siemens teamcenter visualization
- canonical/siemens tecnomatix plant simulation