CVE-2025-0596
📋 TL;DR
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's Bookmark Editor allows attackers to inject malicious scripts that execute in users' browsers when viewing manipulated bookmarks. This affects all users of ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x who have access to the Bookmark Editor functionality.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware through drive-by downloads.
Likely Case
Session hijacking leading to unauthorized access, data theft, or manipulation of user-specific settings and data.
If Mitigated
Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.
🎯 Exploit Status
Requires authenticated access to create/modify bookmarks; stored XSS triggers when other users view the malicious bookmark.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patch version
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: No
Instructions:
1. Review the vendor advisory at the provided URL.
2. Apply the recommended patch or update to a fixed version.
3. Test the Bookmark Editor functionality post-patch.
🔧 Temporary Workarounds
Implement Content Security Policy (CSP)
Restrict script execution sources to prevent XSS payloads from running.
Add CSP headers via web server configuration or application settings.
Disable Bookmark Editor for untrusted users
Limit access to Bookmark Editor functionality to trusted administrators only.
Configure role-based access controls in ENOVIA to restrict Bookmark Editor permissions.
🧯 If You Can't Patch
- Implement strict input validation and output encoding for Bookmark Editor fields.
- Monitor and audit Bookmark Editor usage for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Test Bookmark Editor by attempting to inject script payloads (e.g., <script>alert('XSS')</script>) and check if they execute when viewed.
Check Version:
Check ENOVIA version via administrative interface or consult system documentation.
Verify Fix Applied:
After patching, repeat the vulnerability test to confirm script payloads are properly sanitized and do not execute.
📡 Detection & Monitoring
Log Indicators:
- Unusual bookmark creation/modification patterns
- Log entries containing script tags or JavaScript in bookmark-related requests
Network Indicators:
- HTTP requests with suspicious payloads in bookmark parameters
- Unexpected outbound connections from user browsers after viewing bookmarks
SIEM Query:
source="web_logs" AND (uri="*bookmark*" AND (message="*<script>*" OR message="*javascript:*"))
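The SIEM query above matches only literal `<script>` and `javascript:` strings, so URL-encoded or mixed-case values in bookmark requests slip past it. The following added example (not from the vendor or this page's source) applies the same two indicators after decoding; the log layout, request paths and parameter names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# The two indicators from the SIEM query, matched case-insensitively.
SCRIPT_MARKERS = re.compile(r"<\s*script\b|javascript\s*:", re.IGNORECASE)
# Assumed log layout (constructed): ip user "METHOD uri" status "body"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+)" '
    r'(?P<status>\d{3}) "(?P<body>.*)"$'
)

def fully_decode(value, max_rounds=3):
    """URL-decode until stable so nested encoding is normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_bookmark_requests(lines):
    """Return (user, path) for bookmark requests whose decoded data has a marker."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or "bookmark" not in m["uri"].lower():
            continue  # unparsable line or not a bookmark-related request
        haystack = fully_decode(m["uri"] + " " + m["body"])
        if SCRIPT_MARKERS.search(haystack):
            hits.append((m["user"], m["uri"].split("?")[0]))
    return hits

# Constructed sample lines; paths and parameter names are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 alice "POST /app/bookmark/save" 200 "title=Q3+plan&url=https%3A%2F%2Fintranet.example%2Fq3"',
    '10.0.0.9 mallory "POST /app/bookmark/save" 200 "title=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E"',
    '10.0.0.9 mallory "POST /app/bookmark/save" 200 "title=x&url=JavaScript%3Aalert(1)"',
    '10.0.0.7 bob "GET /app/search?q=%3Cscript%3E" 200 ""',
]

if __name__ == "__main__":
    for user, path in suspicious_bookmark_requests(SAMPLE_LOG):
        print(f"review: user={user} path={path}")
```

Hits identify which account wrote the bookmark, which is the starting point for auditing that user's other bookmarks and the sessions of anyone who viewed them.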