CVE-2025-0601
📋 TL;DR
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts into issue management content. When users view affected content, the scripts execute in their browser sessions, potentially compromising their accounts. This affects all deployments using 3DEXPERIENCE releases R2022x through R2024x.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems through the browser context.
Likely Case
Session hijacking leading to unauthorized access, data theft, or manipulation of ENOVIA data and processes by authenticated attackers.
If Mitigated
Limited impact with proper input validation and output encoding, though some data integrity issues may persist.
🎯 Exploit Status
Exploitation requires authenticated access to create/modify issue content. The stored nature means scripts persist and affect multiple users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: No
Instructions:
1. Review the Dassault Systèmes security advisory.
2. Apply the recommended patch or update to a fixed version.
3. Validate the fix by testing issue management functionality.
🔧 Temporary Workarounds
Input Validation and Sanitization
All platforms: Implement server-side validation and sanitization of all user input in issue management fields
Content Security Policy
All platforms: Implement strict Content Security Policy headers to restrict script execution
🧯 If You Can't Patch
- Restrict user permissions for creating/modifying issue content to trusted users only
- Implement web application firewall rules to detect and block XSS payloads in issue management requests
🔍 How to Verify
Check if Vulnerable:
Test by attempting to inject script payloads into issue management fields and observing if they execute when viewed
Check Version:
Check ENOVIA/3DEXPERIENCE version through administration console or system information
Verify Fix Applied:
After patching, attempt the same XSS payloads and verify they are properly sanitized and do not execute
📡 Detection & Monitoring
Log Indicators:
- Unusual patterns in issue creation/modification logs
- Multiple failed XSS attempts in web server logs
Network Indicators:
- HTTP requests containing script tags or JavaScript in issue management endpoints
SIEM Query:
source="web_server" AND (uri="*issue*" OR uri="*management*") AND (content="*<script*" OR content="*javascript:*")
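String matching on raw request content misses markup that arrives URL-encoded, double-encoded or as HTML entities. The Python example below is added here and is not from the vendor or from this page's source: it decodes request data before matching and also covers inline event handlers. The JSON-lines log format, its field names (user, method, uri, body), the URIs and the sample records are all constructed assumptions.

```python
import html
import json
import re
from urllib.parse import unquote_plus

# Constructed sample records; field names and URIs are assumptions, not ENOVIA's.
SAMPLE_LOG = """\
{"user": "u1", "method": "POST", "uri": "/app/issue/create", "body": "title=Pump+leak&desc=Seal+worn"}
{"user": "u2", "method": "POST", "uri": "/app/issue/edit", "body": "desc=%3Cscript%3Ealert(1)%3C%2Fscript%3E"}
{"user": "u3", "method": "POST", "uri": "/app/issue/edit", "body": "desc=%253Cimg+src%253Dx+onerror%253Dalert(1)%253E"}
{"user": "u4", "method": "POST", "uri": "/app/issue/comment", "body": "text=&lt;a href=&quot;javascript:alert(1)&quot;&gt;x&lt;/a&gt;"}
{"user": "u5", "method": "POST", "uri": "/app/search", "body": "q=%3Cscript%3E"}
"""

PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "js_scheme": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"<[^>]*\bon\w+\s*=", re.I),
}
ISSUE_URI = re.compile(r"issue|management", re.I)  # same URI scope as the SIEM query


def normalise(value, max_rounds=3):
    """Undo nested URL encoding and HTML entities so encoded markup is visible."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return (user, uri, [pattern names]) for suspicious issue-management requests."""
    hits = []
    for line in log_text.splitlines():
        rec = json.loads(line)
        if not ISSUE_URI.search(rec["uri"]):
            continue  # outside the issue-management scope
        text = normalise(rec["uri"] + " " + rec.get("body", ""))
        names = [name for name, rx in PATTERNS.items() if rx.search(text)]
        if names:
            hits.append((rec["user"], rec["uri"], names))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because exploitation requires an authenticated account, the user field on each hit identifies which account submitted the content and which stored issues to review.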