Reflected Cross-site Scripting Vulnerability in ENOVIA Collaborative Industry Innovator by Dassault Systèmes
CVE-2025-12956

8.7HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Enovia Collaborative Industry Innovator
Vendor: CVE Published:; 8 December 2025

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2025-12956?

A reflected Cross-site Scripting (XSS) vulnerability in the ENOVIA Collaborative Industry Innovator enables attackers to inject and execute arbitrary scripts in the browser sessions of users. This issue spans from Release 3DEXPERIENCE R2022x through R2025x. By exploiting this vulnerability, an attacker could manipulate user interactions without authorization, potentially compromising sensitive information. Organizations utilizing the affected versions should implement security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2022x Golden

ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2023x Golden

ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2024x Golden

References

https://www.3ds.com/trust-center/security/security-adviso...

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Nov 10, 2025

JSON