CVE-2025-0601

Name of the Vulnerable Software and Affected Versions ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x

Description A stored Cross-site Scripting (XSS) vulnerability affects Issue Management in ENOVIA Collaborative Industry Innovator, allowing an attacker to execute arbitrary script code in a user's browser session.

Recommendations For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x, consider disabling the Issue Management feature in ENOVIA Collaborative Industry Innovator until a patch is available to prevent exploitation of the stored Cross-site Scripting (XSS) vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.