CVE-2025-0596

Name of the Vulnerable Software and Affected Versions ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x

Description A stored Cross-site Scripting (XSS) vulnerability affects the Bookmark Editor, allowing an attacker to execute arbitrary script code in a user's browser session. This enables attackers to run scripts in user's browser sessions.

Recommendations For ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x, consider disabling the Bookmark Editor feature until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Bookmark Editor to minimize the risk of exploitation.