CVE-2025-10555

HIGH

DELMIA Service Process Engineer <R2025x - XSS

Title source: llm
STIX 2.1

Description

A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

References (1)

Core 1

Scores

CVSS v3 8.7
EPSS 0.0021
EPSS Percentile 10.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Dassault Systèmes/DELMIA Service Process Engineer Release 3DEXPERIENCE R2025x Golden - Release 3DEXPERIENCE R2025x FP.CFA.2514
Published Nov 24, 2025
Tracked Since Feb 18, 2026