The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued another urgent warning to organizations by adding a critical remote code execution vulnerability in PTC Windchill enterprise software to its Known Exploited Vulnerabilities (KEV) catalog. This action, taken in response to confirmed active exploitation, signals that attackers are actively targeting this vulnerability in the wild, elevating the threat level for organizations relying on these product management solutions.

The vulnerability specifically impacts PTC Windchill PDMlink and PTC FlexPLM, which are widely used enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) applications. These systems are critical for organizations managing complex product development processes, storing sensitive intellectual property, and maintaining design documentation across distributed teams. Security researchers have identified that attackers are leveraging this