Stored Cross-site Scripting Vulnerability in 3D Navigate by Dassault Systèmes
CVE-2025-0826

Currently unrated

Key Information:

Vendor: Dassault Systèmes
Status: 3D Navigate
Vendor: CVE Published:; 17 March 2025

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2025-0826?

A stored Cross-site Scripting (XSS) vulnerability exists in the 3D Navigate application of ENOVIA Collaborative Industry Innovator. This vulnerability allows attackers to inject and execute arbitrary script code within a user's browser session, potentially leading to unauthorized actions or data exposure. The issue affects versions from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, posing significant security concerns for users of this software.

References

https://www.3ds.com/vulnerability/advisories

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2025