CVE-2025-10551

HIGH

ENOVIA Collaborative Industry Innovator R2023x-R2025x - Stored XSS in Document Management

Title source: manual

Description

A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

References (1)

Core 1

Core References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10551

Scores

CVSS v3 8.7

EPSS 0.0017

EPSS Percentile 6.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (4)

3ds/3dexperience r2023x - r2025x

Dassault Systèmes/ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2023x Golden - Release 3DEXPERIENCE R2023x.FP.CFA.2541

Dassault Systèmes/ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2024x Golden - Release 3DEXPERIENCE R2024x.FP.CFA.2537

Dassault Systèmes/ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2025x Golden - Release 3DEXPERIENCE R2025x.FP.CFA.2514

Published Mar 31, 2026

Tracked Since Mar 31, 2026