CVE-2025-0598

Name of the Vulnerable Software and Affected Versions ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2024x

Description A stored Cross-site Scripting (XSS) vulnerability affects Relations in ENOVIA Collaborative Industry Innovator, allowing an attacker to execute arbitrary script code in a user's browser session. This enables attackers to run harmful code in the user's browser session.

Recommendations For versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2024x, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Relations feature in ENOVIA Collaborative Industry Innovator until a patch is available.