PTC Windchill and FlexPLM Remote Code Execution Vulnerability

Vulnerability

A critical remote code execution vulnerability has been identified in PTC Windchill PDMLink and PTC FlexPLM. This vulnerability arises from the deserialization of untrusted data, allowing for unauthorized execution of code. Affected versions include Windchill PDMLink 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, and 13.1.3.0, as well as FlexPLM versions 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, and 13.0.3.0.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where PTC Windchill or FlexPLM is installed.

Added: Mar 23, 2026, 10:19 PM
Updated: Mar 23, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 6.8
remediation: 0.0
relevance: 4.6
threat: 0.0
urgency: 10.0
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.