Impact
A vulnerability in the EPRT file reading procedure of SOLIDWORKS eDrawings can allow an attacker to execute arbitrary code when a user opens a specially crafted EPRT file. The flaw is a use of an uninitialized variable, which leads to undefined behavior and can be exploited to run arbitrary instructions in the context of the current user. This type of flaw poses a significant risk to the confidentiality, integrity, and availability of the affected system.
Affected Systems
The affected product is Dassault Systèmes SOLIDWORKS eDrawings in the 2025 and 2026 release lines. The listed versions are 2025 through 2025 sp5.0, 2025 sp4.0, 2025 sp3.0, 2025 sp2.0, 2025 sp1.0, and 2026 sp1.1.
Risk and Exploitability
The CVSS score for this issue is 7.8, indicating high severity. The EPSS score is below 1%, suggesting a low probability of exploitation as of the latest data. This vulnerability is not listed in the CISA KEV catalog. The attack vector is most likely local, relying on the user opening a malicious EPRT file. Because the flaw arises from improper variable initialization during file parsing, an attacker can control the payload by crafting the file, but exploitation requires that the target user has privileges sufficient to run the application and that the file is opened in an unsecured context.
OpenCVE Enrichment