CVE-2025-0828

Name of the Vulnerable Software and Affected Versions ENOVIA Product Engineering Specialist versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x

Description A stored Cross-site Scripting (XSS) vulnerability allows an attacker to execute arbitrary script code in a user's browser session. This issue affects the Engineering Release in ENOVIA Product Engineering Specialist.

Recommendations For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to sensitive areas of the application that may be vulnerable to XSS attacks until a patch is available.