CVE-2025-12956
📋 TL;DR
A reflected Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts into web pages viewed by users. This affects all users of ENOVIA from 3DEXPERIENCE R2022x through R2025x releases. Attackers can execute arbitrary JavaScript in victims' browsers when they click specially crafted links.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware via drive-by downloads.
Likely Case
Session hijacking, credential theft, or unauthorized actions within the ENOVIA application using stolen authentication tokens.
If Mitigated
Limited impact if proper input validation, output encoding, and Content Security Policy are implemented.
🎯 Exploit Status
Reflected XSS typically requires user interaction (clicking a malicious link) but is straightforward to exploit once the vulnerable parameter is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Dassault Systèmes security advisory for specific patched versions
Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-12956
Restart Required: Yes
Instructions:
1. Review the Dassault Systèmes security advisory.
2. Apply the recommended patch or upgrade to a fixed version.
3. Restart ENOVIA services.
4. Verify the fix by testing previously vulnerable endpoints.
🔧 Temporary Workarounds
Web Application Firewall (WAF)
Deploy a WAF with XSS protection rules to block malicious payloads.
Input Validation Filter
Implement server-side input validation to reject suspicious parameters containing script tags or JavaScript.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to restrict script execution sources.
- Educate users about phishing risks and not clicking untrusted links to ENOVIA applications.
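The two mitigations this page keeps coming back to, output encoding and a restrictive Content Security Policy, are easy to get wrong by halves, so here is an added example (not ENOVIA or Dassault Systèmes code) that shows a reflected parameter handled the vulnerable way and the hardened way, using only the Python standard library. The endpoint, parameter name `q`, page template and hostname are assumptions for illustration.

```python
# Added example (not ENOVIA/Dassault code): output encoding plus a CSP header
# applied to a reflected query parameter. Endpoint, parameter and template are
# hypothetical; the payload string is the basic test value quoted on this page.
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical page template that reflects a search term back to the user.
TEMPLATE = "<html><body><h1>Results for: {term}</h1></body></html>"

# Restrictive CSP: scripts only from the application's own origin and no inline
# scripts, so a reflected <script> or onerror= handler is not run even if the
# encoding were bypassed somewhere. Defence in depth, not a substitute for encoding.
CSP_HEADER = (
    "Content-Security-Policy",
    "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
)


def _reflected_value(url, param="q"):
    """Pull the reflected parameter out of the request URL (decoded once)."""
    return parse_qs(urlsplit(url).query).get(param, [""])[0]


def reflect_unsafe(url):
    """The vulnerable pattern: the query value is pasted into the HTML verbatim."""
    return TEMPLATE.format(term=_reflected_value(url))


def reflect_hardened(url):
    """Hardened version: HTML-encode the value (including quotes) and attach a
    CSP response header. Returns (headers, body)."""
    body = TEMPLATE.format(term=html.escape(_reflected_value(url), quote=True))
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        CSP_HEADER[0]: CSP_HEADER[1],
    }
    return headers, body


def is_reflected_unencoded(body, marker="<script>"):
    """Verification helper for the 'Verify Fix Applied' step: True when an
    unencoded script tag survives in the response body."""
    return marker in body


if __name__ == "__main__":
    # Constructed sample request carrying the basic payload from the advisory.
    url = "https://enovia.example/search?q=<script>alert('XSS')</script>"
    print("unsafe  :", reflect_unsafe(url))
    hdrs, body = reflect_hardened(url)
    print("hardened:", body)
    print("CSP     :", hdrs["Content-Security-Policy"])
```

Note that `html.escape(..., quote=True)` is the minimum for a value landing in HTML text or an attribute; a value reflected into a JavaScript block or a URL needs context-specific encoding instead, which is why the CSP is kept as a second layer.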
🔍 How to Verify
Check if Vulnerable:
Test ENOVIA web interfaces by injecting basic XSS payloads (e.g., <script>alert('XSS')</script>) into URL parameters and observing if they execute.
Check Version:
Check ENOVIA/3DEXPERIENCE version through administrative console or version files specific to your deployment.
Verify Fix Applied:
Retest with the same XSS payloads after patching; scripts should not execute and should be properly encoded in output.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing suspicious script tags or JavaScript in query parameters
- Unusual parameter values in web server logs
Network Indicators:
- HTTP requests with encoded script payloads in URLs
- Traffic patterns showing repeated requests with similar malicious parameters
SIEM Query:
source="web_server_logs" AND (url="*<script>*" OR url="*javascript:*" OR param="*alert(*" OR param="*onerror=*" OR param="*onload=*")
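For teams whose web server logs are not yet in a SIEM, the query above can be applied directly to access logs. The following is an added example (not from the advisory or the vendor) that runs the same indicators over a few constructed combined-format log lines, URL-decoding each query parameter first so the percent-encoded payloads mentioned under Network Indicators are caught too. The log format, hostnames, paths and parameter names are assumptions.

```python
# Added example (not part of the advisory): the SIEM indicators from this page
# (script tags, javascript: URLs, alert( calls, onerror=/onload= handlers)
# applied to constructed access-log lines. Log format and paths are assumed.
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Same indicators as the SIEM query, matched case-insensitively after decoding.
XSS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("alert_call", re.compile(r"\balert\s*\(", re.I)),
    ("event_handler", re.compile(r"\bon(?:error|load)\s*=", re.I)),
]

# Combined log format: client, identd, user, [timestamp], "METHOD path PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # Benign search.
    '10.0.0.5 - - [12/Nov/2025:10:01:02 +0000] "GET /enovia/search?q=bracket+assembly HTTP/1.1" 200 5120',
    # Benign: the word "javascript" without the URI scheme must not fire.
    '10.0.0.5 - - [12/Nov/2025:10:01:30 +0000] "GET /enovia/docs?topic=javascript_api HTTP/1.1" 200 2048',
    # Percent-encoded script tag payload.
    '203.0.113.9 - - [12/Nov/2025:10:02:11 +0000] "GET /enovia/search?q=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 5120',
    # Attribute-breakout payload with an inline event handler.
    '203.0.113.9 - - [12/Nov/2025:10:02:15 +0000] "GET /enovia/view?name=x%22%20onerror%3Dalert(1)%20 HTTP/1.1" 200 4096',
]


def scan_line(line):
    """Return a list of (parameter, indicator) hits for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    query = urlsplit(m.group("path")).query
    hits = []
    # parse_qsl decodes once; decode again so double-encoded values are seen too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote_plus(unquote_plus(value))
        for label, pattern in XSS_PATTERNS:
            if pattern.search(decoded):
                hits.append((name, label))
    return hits


def scan_log(lines):
    """Map each flagged line to its hits; lines with no hits are omitted."""
    flagged = {}
    for line in lines:
        hits = scan_line(line)
        if hits:
            flagged[line] = hits
    return flagged


if __name__ == "__main__":
    for line, hits in scan_log(SAMPLE_LOG).items():
        m = LOG_RE.match(line)
        print(f"{m.group('ip')} {m.group('ts')} {m.group('path')}")
        for name, label in hits:
            print(f"    param={name} indicator={label}")
```

Because it decodes before matching, this catches the encoded form of the payload that the raw `url="*<script>*"` clause in the SIEM query would miss, while the `javascript:` pattern requires the colon so ordinary text containing the word does not alert. Hits on the same source address across many parameters are the "repeated requests with similar malicious parameters" pattern worth escalating.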