CVE-2025-10551 - Vulnerability Analysis
HighCVSS: 8.7Last Updated: March 31, 2026
ENOVIA Collaborative Industry Innovator - Stored XSS
Published: March 31, 2026Updated: March 31, 2026Remote Exploitable
Overview
ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2023x through R2025x contains a stored XSS caused by improper sanitization in Document Management, letting attackers execute arbitrary script code in user browsers, exploit requires user interaction.
Severity & Score
Severity: High
CVSS Score: 8.7
Impact
Attackers can execute arbitrary scripts in user browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version beyond 3DEXPERIENCE R2025x.
Related Resources
Details
- CVE ID
- CVE-2025-10551
- Severity
- High
- CVSS Score
- 8.7
- Type
- stored_xss
- Status
- new
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N