OS Command Injection in Station Launcher App by 3DEXPERIENCE
CVE-2025-9976

9CRITICAL

Key Information:

Vendor: Dassault Systèmes
Status: Station Launcher App In 3dexperience Platform
Vendor: CVE Published:; 13 October 2025

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2025-9976?

An OS Command Injection flaw exists in the Station Launcher App within the 3DEXPERIENCE platform, affecting versions from R2022x to R2025x. This vulnerability enables an attacker to execute arbitrary code on the user's machine, potentially compromising system integrity and data security.

Affected Version(s)

Station Launcher App in 3DEXPERIENCE platform Release 3DEXPERIENCE R2022x Golden

Station Launcher App in 3DEXPERIENCE platform Release 3DEXPERIENCE R2023x Golden

Station Launcher App in 3DEXPERIENCE platform Release 3DEXPERIENCE R2024x Golden

References

https://www.3ds.com/trust-center/security/security-adviso...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Sep 4, 2025

JSON