CVE-2025-9976

CRITICAL

Station Launcher App <R2025x - Command Injection

Title source: llm

Description

An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.

References (1)

Core 1

Core References

Various Sources

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9976

Scores

CVSS v3 9.0

EPSS 0.0094

EPSS Percentile 56.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (4)

Dassault Systèmes/Station Launcher App in 3DEXPERIENCE platform Release 3DEXPERIENCE R2022x Golden - Release 3DEXPERIENCE R2022x.FP.CFA.2540

Dassault Systèmes/Station Launcher App in 3DEXPERIENCE platform Release 3DEXPERIENCE R2023x Golden - Release 3DEXPERIENCE R2023x.FP.CFA.2532

Dassault Systèmes/Station Launcher App in 3DEXPERIENCE platform Release 3DEXPERIENCE R2024x Golden - Release 3DEXPERIENCE R2024x.FP.CFA.2537

Dassault Systèmes/Station Launcher App in 3DEXPERIENCE platform Release 3DEXPERIENCE R2025x Golden - Release 3DEXPERIENCE R2025x.FP.CFA.2532

Published Oct 13, 2025

Tracked Since Feb 18, 2026