Impact
An out‑of‑bounds write flaw exists in the EPRT file reading routine of SOLIDWORKS eDrawings. When a user opens a specially crafted EPRT file supplied by an attacker, the flaw allows the program to write beyond an intended buffer, potentially leading to arbitrary code execution. The weakness is classified as CWE‑787, a classic memory corruption vulnerability that can compromise confidentiality, integrity and availability by giving malicious code full control over the host system.
Affected Systems
Dassault Systèmes' SOLIDWORKS eDrawings is impacted, specifically Release SOLIDWORKS Desktop 2025 and all builds through Release SOLIDWORKS Desktop 2026. All deployments using these versions are considered vulnerable unless patched or updated to a later release that addresses the flaw.
Risk and Exploitability
The CVSS v3.1 score of 7.8 indicates a high severity level. EPSS is below 1%, suggesting that, as of the latest data, exploitation attempts are rare or unlikely. The vulnerability is not currently listed in the CISA KEV catalog. Nonetheless, the flaw can be leveraged by tricking a user into opening a malicious EPRT file, or by an attacker who can place such a file on a machine where the user runs eDrawings. Because exploitation requires the file to be processed by the application, the likely attack vector is local or via social engineering; a remote exploitation scenario would require the attacker to deliver the file to the user or cause the user to open it. The combination of high severity and the potential for arbitrary code execution warrants immediate action.