CVE-2025-40829

CWE-908 — Use of Uninitialized Resource4 documents4 sources

Severity

7.3HIGH

EPSS

0.0%

top 91.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simcenter Femap

Timeline

PublishedDec 12

Description

A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/simcenter_femap< V2512

▶NVDsiemens/simcenter_femap< 2512.0000

🔴Vulnerability Details

CVEList

CVE-2025-40829: A vulnerability has been identified in Simcenter Femap (All versions < V2512)↗2025-12-12

▶

GHSA

GHSA-3ccp-5v4p-6xpq: A vulnerability has been identified in Simcenter Femap (All versions < V2512)↗2025-12-12

▶

🕵️Threat Intelligence

Wiz

CVE-2025-40829 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶