Stored Cross-site Scripting Vulnerability in Risk Management of Project Portfolio Manager
CVE-2025-4985

8.7 HIGH

Key Information:

Vendor
CVE Published:
30 May 2025

What is CVE-2025-4985?

A stored cross-site scripting (XSS) vulnerability in the Risk Management functionality of Project Portfolio Manager allows attackers to inject arbitrary JavaScript code that executes within a user's browser session. It affects releases from 3DEXPERIENCE R2022x through R2025x and raises significant concerns for data integrity and user authentication.

Affected Version(s)

Project Portfolio Manager Release 3DEXPERIENCE R2022x Golden

Project Portfolio Manager Release 3DEXPERIENCE R2023x Golden

Project Portfolio Manager Release 3DEXPERIENCE R2024x Golden

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
