PT-2025-11497 · Ds Systemes · Enovia Change Manager

Published

2025-03-17

Updated

2025-10-22

CVE-2025-0830

CVSS v3.1

8.7

High

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions ENOVIA Change Manager versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x

Description A stored Cross-site Scripting (XSS) vulnerability in Meeting Management allows an attacker to execute arbitrary script code in a user's browser session. This issue affects ENOVIA Change Manager and enables attackers to run script code in user browsers.

Recommendations For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x, ensure system security updates are in place to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the Meeting Management feature in ENOVIA Change Manager until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2025-11558

CVE-2025-0830

Affected Products

Enovia Change Manager

PT-2025-11497 · Ds Systemes · Enovia Change Manager

CVE-2025-0830

Weakness Enumeration

Related Identifiers

Affected Products

References · 9