CVE-2025-10554

8.7 HIGH

📋 TL;DR

A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Product Manager allows attackers to inject malicious scripts that execute in users' browsers when viewing affected requirements. This affects all users of 3DEXPERIENCE R2023x through R2025x who access the Requirements module. Attackers can steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • ENOVIA Product Manager
Versions: 3DEXPERIENCE R2023x through R2025x
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the Requirements module specifically. All deployments with this module enabled are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover, data theft, privilege escalation, and lateral movement within the application by stealing administrator sessions.

🟠 Likely Case

Session hijacking, credential theft, defacement of requirements pages, and unauthorized actions performed in the context of authenticated users.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers preventing script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to create/modify requirements. Stored XSS typically has low complexity once the injection point is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific fixed versions

Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10554

Restart Required: Yes

Instructions:

1. Review the vendor advisory for specific patch versions.
2. Apply the latest security update from Dassault Systèmes.
3. Restart ENOVIA services.
4. Test Requirements functionality post-update.

🔧 Temporary Workarounds

Input Validation Enhancement

Applies to: all

Implement server-side input validation for all requirement fields to reject HTML/script content.

Output Encoding

Applies to: all

Apply proper output encoding when displaying requirement data in web interfaces.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Restrict user permissions for creating/modifying requirements to trusted users only
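The two workarounds above (output encoding) and the first fallback (a CSP header) are easy to get subtly wrong, so here is an added example of what "proper output encoding" looks like in practice. This is illustrative Python written for this page, not code from ENOVIA or Dassault Systèmes; the requirement record shape, the HTML fragment layout and the header values are assumptions. It encodes every user-controlled requirement value for both element-text and attribute context, builds a restrictive CSP header as defence in depth, and includes a regression check that no raw markup survived rendering.

```python
from html import escape

# Constructed requirement record standing in for data read from the
# Requirements module. The field names are assumptions, not ENOVIA's schema.
SAMPLE_REQUIREMENT = {
    "id": "REQ-42",
    "title": "Brake pedal travel <script>alert(document.cookie)</script>",
    "description": 'Travel must be <= 80 mm " onmouseover="alert(1)',
}

# Restrictive CSP: only same-origin scripts, no inline script, no plugins.
# Value is an assumption for illustration; tune script-src to the application's real needs.
CSP_HEADER_VALUE = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"


def render_requirement(req):
    """Render a requirement as an HTML fragment with every user-controlled
    value encoded for its context. escape(..., quote=True) turns < > & " '
    into entities, so the value is inert both as element text and inside a
    double-quoted attribute value."""
    rid = escape(req["id"], quote=True)
    title = escape(req["title"], quote=True)
    description = escape(req["description"], quote=True)
    return (
        f'<article data-requirement-id="{rid}">'
        f"<h2>{title}</h2>"
        f"<p>{description}</p>"
        f"</article>"
    )


def response_headers():
    """Headers a page serving requirement data should carry in addition to
    output encoding. CSP blocks inline script even if encoding is missed
    somewhere; nosniff stops browsers reinterpreting uploaded content."""
    return {
        "Content-Security-Policy": CSP_HEADER_VALUE,
        "X-Content-Type-Options": "nosniff",
    }


def contains_raw_markup(fragment, values):
    """Regression check: True if any user value that carries markup
    characters appears verbatim (unencoded) in the rendered fragment."""
    return any(
        v in fragment
        for v in values
        if any(c in v for c in "<>\"'")
    )


if __name__ == "__main__":
    html = render_requirement(SAMPLE_REQUIREMENT)
    print(html)
    print(response_headers())
    print("raw markup leaked:", contains_raw_markup(html, SAMPLE_REQUIREMENT.values()))
```

The check at the end is the kind of assertion worth keeping in a test suite: it fails the moment someone adds a new requirement field to the template and forgets to encode it.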

🔍 How to Verify

Check if Vulnerable:

Test by creating a requirement containing a basic XSS payload such as <script>alert('test')</script> and checking whether it executes when the requirement is viewed.

Check Version:

Check ENOVIA/3DEXPERIENCE version through administration console or by consulting system documentation

Verify Fix Applied:

After patching, attempt the same XSS test payloads and verify they are properly sanitized or blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual requirement creation/modification patterns
  • Requests containing script tags or JavaScript in requirement data

Network Indicators:

  • HTTP requests with suspicious payloads in requirement parameters
  • Unexpected outbound connections from user browsers after viewing requirements

SIEM Query:

source="enovia_logs" AND (message CONTAINS "<script>" OR message CONTAINS "javascript:" OR message CONTAINS "onerror=" OR message CONTAINS "onload=")
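The SIEM query above does literal substring matching, so it misses case variants ("<SCRIPT>", "OnError=") and percent-encoded payloads ("%3Cscript%3E") that arrive in the same request parameters. Below is an added Python example, not from the page or the vendor, that applies the same four indicators case-insensitively after decoding percent-encoding, and reports which user produced each hit so the "unusual requirement creation/modification patterns" indicator can be followed up. The log line format and field names are constructed for the example and are not ENOVIA's real log format.

```python
import re
from urllib.parse import unquote

# Same indicators as the SIEM query on the page, made case-insensitive and
# tolerant of whitespace inside the token (e.g. "< script", "onerror =").
SUSPICIOUS = re.compile(
    r"<\s*script\b|javascript\s*:|on(?:error|load)\s*=",
    re.IGNORECASE,
)

# Constructed sample log lines (not real ENOVIA logs); the key=value layout
# and field names are assumptions made for this example.
SAMPLE_LOGS = [
    'ts=2025-10-01T10:00:00Z user=alice action=requirement.create field=title value="Brake pedal travel"',
    'ts=2025-10-01T10:05:12Z user=bob action=requirement.update field=description value="<script>alert(1)</script>"',
    'ts=2025-10-01T10:06:30Z user=bob action=requirement.update field=description value="%3CSCRIPT%3Ealert(2)%3C/SCRIPT%3E"',
    'ts=2025-10-01T10:07:00Z user=carol action=requirement.create field=title value="<img src=x OnError=alert(3)>"',
    'ts=2025-10-01T10:08:00Z user=dave action=requirement.view id=REQ-42',
]


def normalize(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads such as
    %253Cscript%253E are inspected in their decoded form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious(lines):
    """Return (line_number, user, matched_text) for every line whose decoded
    content matches one of the indicators."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = SUSPICIOUS.search(normalize(line))
        if m:
            user = re.search(r"\buser=(\S+)", line)
            hits.append((n, user.group(1) if user else None, m.group(0)))
    return hits


def hits_per_user(lines):
    """Count of suspicious lines per user, to surface repeat offenders."""
    counts = {}
    for _, user, _ in find_suspicious(lines):
        counts[user] = counts.get(user, 0) + 1
    return counts


if __name__ == "__main__":
    for n, user, matched in find_suspicious(SAMPLE_LOGS):
        print(f"line {n}: user={user} matched={matched!r}")
    print(hits_per_user(SAMPLE_LOGS))
```

Run against real logs, the same idea applies: decode before matching, match case-insensitively, and aggregate per account rather than alerting on each line, since a single stored payload is typically re-submitted a few times while the attacker refines it.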
