CVE-2025-12956

Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x

CVSS 8.7 HIGHEPSS 0.2%CWE-79

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 0.2%KEV nãoPoC —Patch —

Ciclo de vida

08 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Produtos afetados

Dassault Systèmes · ENOVIA Collaborative Industry Innovator

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-12956