CVE-2025-0826

Name of the Vulnerable Software and Affected Versions ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x

Description A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows an attacker to execute arbitrary script code in a user's browser session, potentially exposing users to browser session hijacking.

Recommendations Update to Release 3DEXPERIENCE R2024x for protection. As a temporary workaround, consider restricting access to the 3D Navigate feature in affected versions until a patch is available.