CVE-2025-9976
📋 TL;DR
This CVE describes an OS command injection vulnerability in the Station Launcher App of the 3DEXPERIENCE platform. An attacker who can inject malicious commands into the app's input can execute arbitrary code on the affected system. Users running 3DEXPERIENCE R2022x through R2025x are vulnerable.
💻 Affected Systems
- 3DEXPERIENCE platform Station Launcher App
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attacker to install malware, steal data, pivot to other systems, or deploy ransomware across the network.
Likely Case
Local privilege escalation leading to data theft, system manipulation, or persistence mechanisms being installed.
If Mitigated
Limited impact with proper network segmentation and endpoint protection blocking malicious payloads.
🎯 Exploit Status
Command injection vulnerabilities typically have low exploitation complexity once the injection point is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9976
Restart Required: Yes
Instructions:
1. Review the vendor advisory for specific patched versions
2. Update 3DEXPERIENCE platform to the latest secure version
3. Restart affected services and verify functionality
🔧 Temporary Workarounds
Network Segmentation
Isolate 3DEXPERIENCE systems from critical networks and internet access
Application Whitelisting
Restrict which applications can be executed from the Station Launcher context
🧯 If You Can't Patch
- Implement strict network segmentation to isolate vulnerable systems
- Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check 3DEXPERIENCE version against affected range R2022x through R2025x
Check Version:
Check 3DEXPERIENCE platform version through administrative interface or installation logs
Verify Fix Applied:
Verify installation of patched version specified in vendor advisory
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution from Station Launcher process
- Suspicious child processes spawned from 3DEXPERIENCE components
Network Indicators:
- Unexpected outbound connections from 3DEXPERIENCE systems
- Command and control traffic patterns
SIEM Query:
Process creation events where the parent process name contains 'StationLauncher' or '3DEXPERIENCE' and the child's command line contains suspicious arguments