Stored Cross-site Scripting Vulnerability in Results Analytics of 3DEXPERIENCE
CVE-2025-4988

8.7HIGH

Key Information:

Vendor

Dassault Systèmes

Status
Multidisciplinary Optimization Engineer
Vendor
CVE Published:
30 May 2025

What is CVE-2025-4988?

A stored Cross-site Scripting (XSS) vulnerability exists in the Results Analytics feature of the 3DEXPERIENCE platform, affecting versions from Release R2022x to R2024x. This security flaw permits attackers to insert and execute arbitrary script code within a user's browser session, which could lead to unauthorized access to sensitive information and user sessions. Organizations using these versions should apply necessary patches and review their security practices to mitigate potential exploitation.

Affected Version(s)

Multidisciplinary Optimization Engineer Release 3DEXPERIENCE R2022x Golden

Multidisciplinary Optimization Engineer Release 3DEXPERIENCE R2023x Golden

Multidisciplinary Optimization Engineer Release 3DEXPERIENCE R2024x Golden

References

https://www.3ds.com/vulnerability/advisories

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-4988 : Stored Cross-site Scripting Vulnerability in Results Analytics of 3DEXPERIENCE