CVE-2025-0829
📋 TL;DR
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's 3D Markup feature allows attackers to inject malicious scripts that execute in users' browsers when viewing manipulated 3D content. This affects all users of 3DEXPERIENCE R2022x through R2024x who access 3D Markup functionality. The vulnerability enables session hijacking, data theft, and unauthorized actions within user contexts.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, compromise entire ENOVIA instances, exfiltrate sensitive 3D design data, and pivot to internal networks through authenticated user sessions.
Likely Case
Attackers steal user session cookies and credentials, perform unauthorized actions within ENOVIA as authenticated users, and potentially access confidential 3D design files.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing any client-side compromise.
🎯 Exploit Status
Requires authenticated access to inject malicious scripts into 3D Markup content, but execution occurs automatically when legitimate users view the content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Dassault Systèmes advisory for specific fixed versions
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: No
Instructions:
1. Review Dassault Systèmes security advisory.
2. Apply the recommended patch or upgrade to a fixed version.
3. Test 3D Markup functionality post-patch.
🔧 Temporary Workarounds
Disable 3D Markup functionality
all: Temporarily disable 3D Markup features until patching is complete
Check ENOVIA administration console for feature toggles
Implement Content Security Policy (CSP)
web: Add CSP headers to restrict script execution sources
Add 'Content-Security-Policy' header with script-src directives
🧯 If You Can't Patch
- Implement strict input validation on all 3D Markup data inputs
- Enable output encoding for all 3D Markup content rendering
🔍 How to Verify
Check if Vulnerable:
Test 3D Markup functionality by attempting to inject script payloads and checking if they execute
Check Version:
Check ENOVIA/3DEXPERIENCE version in administration console or via system information
Verify Fix Applied:
Attempt the same XSS payloads after patching to confirm they no longer execute
📡 Detection & Monitoring
Log Indicators:
- Unusual 3D Markup creation/modification patterns
- Suspicious script-like content in 3D data logs
Network Indicators:
- Unexpected external script loads from 3D Markup pages
- Suspicious data exfiltration from ENOVIA sessions
SIEM Query:
source="ENOVIA" AND (event="3D_MARKUP_CREATE" OR event="3D_MARKUP_MODIFY") AND content CONTAINS "<script>"
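A broader content check than the literal `<script>` match in the query above, as an added example that is not part of the original advisory or any vendor tooling: it decodes URL and HTML-entity encoding first, then looks for script tags in any case, inline event handlers, script URIs and embedding tags. The event names come from the query above; the record layout (`event`, `user`, `content` keys) and the sample records are constructed assumptions.

```python
import html
import re
from urllib.parse import unquote

# Event names are taken from the page's SIEM query; the record layout is assumed.
MARKUP_EVENTS = {"3D_MARKUP_CREATE", "3D_MARKUP_MODIFY"}

# Script-bearing constructs that a literal "<script>" match misses.
PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"<[^>]*\bon[a-z]+\s*=", re.I),
    "script_uri": re.compile(r"\b(?:javascript|vbscript)\s*:", re.I),
    "embedding_tag": re.compile(r"<\s*(?:iframe|object|embed)\b", re.I),
}

def normalize(value, rounds=3):
    """Undo nested URL and HTML-entity encoding so encoded markup is still matched."""
    for _ in range(rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def classify(record):
    """Return sorted names of the patterns found in a markup event's content."""
    if record.get("event") not in MARKUP_EVENTS:
        return []
    text = normalize(record.get("content", ""))
    return sorted(name for name, rx in PATTERNS.items() if rx.search(text))

# Constructed sample records (not real ENOVIA log output).
SAMPLE = [
    {"event": "3D_MARKUP_CREATE", "user": "u1", "content": "Check clearance on bracket A"},
    {"event": "3D_MARKUP_MODIFY", "user": "u2", "content": "<ScRiPt src=//cdn.example.invalid/a.js>"},
    {"event": "3D_MARKUP_CREATE", "user": "u3", "content": "%3Cimg%20src%3Dx%20onerror%3Dnotify()%3E"},
    {"event": "3D_MARKUP_MODIFY", "user": "u4", "content": "&lt;a href=&quot;javascript:void(0)&quot;&gt;note&lt;/a&gt;"},
    {"event": "LOGIN", "user": "u5", "content": "<script>"},
]

def scan(records):
    """Return (user, hits) for every markup event with script-like content."""
    return [(r["user"], hits) for r in records if (hits := classify(r))]

if __name__ == "__main__":
    for user, hits in scan(SAMPLE):
        print(user, hits)
```

Ordinary markup text can occasionally trip `event_handler` or `script_uri`, so treat hits as triage leads to review together with the author and the affected object.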