Impact
A Path Traversal vulnerability in SOLIDWORKS Visualize allows an attacker to write arbitrary files on the server. If the attacker can place files in executable or configuration directories, they could gain privileged access or execute malicious code, compromising confidentiality, integrity, and availability of the system.
Affected Systems
Dassault Systèmes SOLIDWORKS Visualize versions 2024 through 2026 are affected. No specific patch versions are listed, but any release in this range may be vulnerable.
Risk and Exploitability
The CVSS score of 9.8 reflects a severe risk. The EPSS score of less than 1% indicates a low current exploitation probability, but the vulnerability is not listed in CISA KEV yet. Likely the attack vector is remote, inferred from the ability to write files on the server, possibly via web interfaces or APIs. Exploitation would require the attacker to supply a crafted path that traverses directories beyond the intended storage scope.
OpenCVE Enrichment