Impact
A heap-based buffer overflow in the EPRT file reading routine of SOLIDWORKS eDrawings allows a maliciously crafted EPRT file to cause the program to execute arbitrary code. An attacker can compromise the confidentiality, integrity, and availability of the affected system by running code with the privileges of the eDrawings user. The vulnerability is classified as CWE-122, a heap overflow weakness that can be triggered when processing legitimate or malicious input. The vulnerability is not reachable over the network; exploitation relies on a user opening the crafted file, so the attacker has to deliver a specially constructed EPRT file to a user who then opens it in the affected application. The CVSS score of 7.8 indicates high severity, but the EPSS score of <1% shows a very low likelihood of exploitation overall; the vulnerability is not listed in the CISA KEV catalog.
Affected Systems
The vulnerability affects Dassault Systèmes SOLIDWORKS eDrawings across Desktop releases 2025 through 2026. Any deployment of these releases running the eDrawings component is susceptible when processing EPRT files. Versions prior to 2025 and later than 2026 are not impacted.
Risk and Exploitability
The flaw is a heap-based buffer overflow (CWE-122) that is triggered by opening a specially crafted EPRT file. An attacker must deliver the file to a user, whether credentialed or non-credentialed; no remote network trigger is required. The CVSS score of 7.8 signals high severity, but the EPSS score of <1% indicates a very low overall likelihood of exploitation. The vulnerability is currently not listed in the CISA KEV catalog, suggesting no known widespread weaponization.
OpenCVE Enrichment