CVE-2025-10551
CVE-2025-10551
8.7
HighPublished:
Last updated:
Source:3DS.Information-Security@3ds.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- Required
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- None
Description
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
References
3DS.Information-Security@3ds.com
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10551