CVE-2025-0826
📋 TL;DR
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's 3D Navigate component allows attackers to inject malicious scripts that execute in users' browsers when viewing compromised content. This affects all users of 3DEXPERIENCE R2022x through R2024x who access the vulnerable 3D Navigate feature. Attackers could steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover leading to data theft, privilege escalation, and lateral movement within the ENOVIA environment, potentially compromising sensitive intellectual property and engineering data.
Likely Case
Session hijacking allowing attackers to impersonate legitimate users, access confidential documents, and modify engineering data without authorization.
If Mitigated
Limited impact with proper input validation and output encoding in place, potentially reduced to minor UI disruption or information leakage.
🎯 Exploit Status
Requires attacker to have access to inject malicious content into the 3D Navigate component, which typically requires some level of user privileges. The stored nature means the payload persists and affects multiple users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply the latest security patch from Dassault Systèmes for your specific 3DEXPERIENCE release
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: No
Instructions:
1. Review the Dassault Systèmes security advisory.
2. Download the appropriate patch for your 3DEXPERIENCE version.
3. Apply the patch following vendor instructions.
4. Test the 3D Navigate functionality post-patch.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation and output encoding for all user-supplied content in the 3D Navigate component
Content Security Policy (CSP)
Implement a strict Content Security Policy to prevent execution of unauthorized scripts
🧯 If You Can't Patch
- Disable or restrict access to the 3D Navigate component if not business-critical
- Implement network segmentation and web application firewall (WAF) rules to detect and block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Test the 3D Navigate component by attempting to inject script payloads and observing if they execute in user browsers
Check Version:
Check your 3DEXPERIENCE version through the ENOVIA administration console or system information
Verify Fix Applied:
After patching, attempt the same XSS payload injection and verify scripts no longer execute
📡 Detection & Monitoring
Log Indicators:
- Unusual script tags or JavaScript in 3D Navigate content logs
- Multiple failed login attempts from unexpected locations following 3D Navigate access
Network Indicators:
- Unexpected outbound connections from user browsers after accessing 3D Navigate content
- Suspicious JavaScript payloads in HTTP requests to ENOVIA
SIEM Query:
source="ENOVIA" AND ("script" OR "javascript" OR "onerror" OR "onload") AND "3D Navigate"
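The SIEM query above expressed as detection logic, as an added example (not part of the original advisory or any vendor tooling): it runs the page's bare substring terms beside a tightened, markup-aware rule over constructed log lines. The log field layout, the function names and the tightened patterns are assumptions of this example; the page does not describe ENOVIA's real log format.

```python
import re
from urllib.parse import unquote_plus

COMPONENT = "3d navigate"
# Terms from the page's SIEM query, matched as bare substrings.
PAGE_TERMS = ("script", "javascript", "onerror", "onload")
# Tightened rule (an assumption of this example): require markup context.
STRICT = re.compile(
    r"<\s*script\b"              # opening <script tag
    r"|javascript\s*:"           # javascript: URL scheme
    r"|\bon(?:error|load)\s*=",  # inline event-handler attribute
    re.IGNORECASE,
)

def decode(value, rounds=2):
    """Undo up to `rounds` layers of URL encoding (%3D -> =)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def page_query(line):
    """The page's query: component name AND any bare term."""
    low = line.lower()
    return COMPONENT in low and any(t in low for t in PAGE_TERMS)

def strict_query(line):
    """Same scoping, but decoded first and matched in markup context."""
    text = decode(line)
    return COMPONENT in text.lower() and bool(STRICT.search(text))

# Constructed sample lines; the field layout is hypothetical.
SAMPLE = [
    'source="ENOVIA" component="3D Navigate" user=alice title="Bracket rev B"',
    'source="ENOVIA" component="3D Navigate" user=bob description="dock fixture"',
    'source="ENOVIA" component="3D Navigate" user=carol title="<script>/*constructed*/</script>"',
    'source="ENOVIA" component="3D Navigate" user=dave title="%3Cimg%20src%3Dx%20onerror%3D1%3E"',
    'source="ENOVIA" component="Search" user=erin q="javascript:void(0)"',
]

def triage(lines):
    """Return (page_query, strict_query) verdicts per line."""
    return [(page_query(l), strict_query(l)) for l in lines]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE, triage(SAMPLE)):
        print(verdict, line)
```

The second sample line trips the page's query only because the field name `description` contains "script", and the fourth matches the tightened attribute pattern only after URL decoding.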