← back
CVE-2025-10556

Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x

CVSS 8.7 HIGHEPSS 0.2%CWE-79
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Affected products
Dassault Systèmes · ENOVIA Specification Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10556