CVE-2025-0832
📋 TL;DR
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's Project Gantt feature allows attackers to inject malicious scripts that execute in users' browsers when viewing affected content. This affects all 3DEXPERIENCE releases from R2022x through R2024x. Users accessing Project Gantt functionality are at risk of session hijacking, data theft, or unauthorized actions.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover, data exfiltration, privilege escalation, and lateral movement within the ENOVIA environment leading to business disruption.
Likely Case
Session hijacking, credential theft, unauthorized data access, and manipulation of user interfaces to perform actions on behalf of authenticated users.
If Mitigated
Limited to isolated user sessions with no sensitive data exposure if proper input validation and output encoding are implemented.
🎯 Exploit Status
Requires authenticated access to inject malicious scripts into stored content. Exploitation is straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched releases
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Review the Dassault Systèmes advisory for the specific patch versions.
2. Apply the recommended update for your 3DEXPERIENCE release.
3. Restart ENOVIA services.
4. Validate the fix by testing Project Gantt functionality.
🔧 Temporary Workarounds
Input Validation Enhancement
Implement strict input validation and output encoding for Project Gantt data fields
Configuration through ENOVIA administration console - no direct commands
Content Security Policy
Implement CSP headers to restrict script execution
Add CSP headers via web server configuration or application settings
🧯 If You Can't Patch
- Disable Project Gantt functionality if not essential
- Implement network segmentation and restrict access to ENOVIA to trusted users only
🔍 How to Verify
Check if Vulnerable:
Test Project Gantt fields for XSS by attempting to inject script payloads and checking if they execute
Check Version:
Check 3DEXPERIENCE version through ENOVIA administration interface or system information
Verify Fix Applied:
After patching, attempt the same XSS payloads and verify they are properly sanitized or blocked
📡 Detection & Monitoring
Log Indicators:
- Unusual script tags or JavaScript in Project Gantt data fields
- Multiple failed login attempts followed by successful access to Project Gantt
Network Indicators:
- Unexpected outbound connections from ENOVIA servers after Project Gantt access
SIEM Query:
source="ENOVIA" AND (message="*script*" OR message="*javascript*") AND component="Project Gantt"
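The SIEM query above, run over constructed log lines as an added example (not part of the original advisory, and the key="value" log format is an assumption, not ENOVIA's real format). It shows that the literal `*script*` wildcard also fires on benign words such as "description" and "subscription", and contrasts it with a narrower check that looks for script-bearing tokens instead.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample log lines (not real ENOVIA output); the key="value" layout is assumed.
SAMPLE_LOGS = [
    'source="ENOVIA" component="Project Gantt" message="task description updated by user1"',
    'source="ENOVIA" component="Project Gantt" message="task name set to <script>alert(1)</script>"',
    'source="ENOVIA" component="Project Gantt" message="milestone link set to javascript:alert(document.cookie)"',
    'source="ENOVIA" component="Issue Management" message="<script>alert(1)</script>"',
    'source="ENOVIA" component="Project Gantt" message="subscription renewed"',
]

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split a key="value" log line into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def siem_match(fields):
    """Literal translation of the page's SIEM query, with case-insensitive wildcard matching."""
    msg = fields.get("message", "").lower()
    return (fields.get("source") == "ENOVIA"
            and fields.get("component") == "Project Gantt"
            and (fnmatchcase(msg, "*script*") or fnmatchcase(msg, "*javascript*")))


# Tokens that actually carry script: a <script tag, a javascript: URL, or an on*= event handler attribute.
SCRIPT_TOKEN_RE = re.compile(r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def refined_match(fields):
    """Same source/component filter, but match script-bearing tokens rather than the substring 'script'."""
    return (fields.get("source") == "ENOVIA"
            and fields.get("component") == "Project Gantt"
            and SCRIPT_TOKEN_RE.search(fields.get("message", "")) is not None)


def scan(lines, matcher):
    """Return the indices of the log lines that the given matcher flags."""
    return [i for i, line in enumerate(lines) if matcher(parse_line(line))]


if __name__ == "__main__":
    print("literal query flags:", scan(SAMPLE_LOGS, siem_match))      # [0, 1, 2, 4]
    print("refined query flags:", scan(SAMPLE_LOGS, refined_match))   # [1, 2]
```

The literal query flags the two benign lines (indices 0 and 4) as well as the two real injections, while the refined check keeps only the lines that contain an actual script token and still excludes the non-Gantt component.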