CVE-2025-10553

HIGH

DELMIA Factory Resource Manager R2023x-R2025x - Stored XSS

Title source: manual

Description

A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

References (1)

Core 1

Core References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10553

Scores

CVSS v3 8.7

EPSS 0.0017

EPSS Percentile 6.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (4)

3ds/3dexperience r2023x - r2025x

Dassault Systèmes/DELMIA Factory Resource Manager Release 3DEXPERIENCE R2023x Golden - Release 3DEXPERIENCE R2023x.FP.CFA.2541

Dassault Systèmes/DELMIA Factory Resource Manager Release 3DEXPERIENCE R2024x Golden - Release 3DEXPERIENCE R2024x.FP.CFA.2537

Dassault Systèmes/DELMIA Factory Resource Manager Release 3DEXPERIENCE R2025x Golden - Release 3DEXPERIENCE R2025x.FP.CFA.2514

Published Mar 31, 2026

Tracked Since Mar 31, 2026