CVE-2025-0832

Name of the Vulnerable Software and Affected Versions ENOVIA Collaborative Industry Innovator versions R2022x through R2024x

Description A stored Cross-site Scripting (XSS) vulnerability in Project Gantt allows an attacker to execute arbitrary script code in a user's browser session. This issue permits attackers to run arbitrary script code in user browsers.

Recommendations For versions R2022x through R2024x, consider disabling the Project Gantt feature until a patch is available to prevent exploitation of the stored Cross-site Scripting (XSS) vulnerability. Restrict access to the Project Gantt module to minimize the risk of exploitation. Avoid using the affected Project Gantt functionality in the ENOVIA Collaborative Industry Innovator until the issue is resolved.