CVE-2025-0833

Name of the Vulnerable Software and Affected Versions ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2024x

Description A stored Cross-site Scripting (XSS) vulnerability affects Route Management in ENOVIA Collaborative Industry Innovator, allowing an attacker to execute arbitrary script code in a user's browser session.

Recommendations Update from Release 3DEXPERIENCE R2023x to Release 3DEXPERIENCE R2024x to resolve the issue. As a temporary workaround, consider restricting access to the Route Management feature in ENOVIA Collaborative Industry Innovator until the update is applied.