CVE-2025-0602

CVSS v3.1

8.7

High

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Collaborative Industry Innovator versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2025x

Description A stored Cross-site Scripting (XSS) vulnerability in the Compare feature allows an attacker to execute arbitrary script code in a user's browser session. This poses a critical cyber security risk.

Recommendations For versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2025x, consider disabling the Compare feature in Collaborative Industry Innovator until a patch is available to prevent the execution of arbitrary script code in user's browser sessions.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2025-11557

CVE-2025-0602

Affected Products

3Dexperience

CVE-2025-0602

Weakness Enumeration

Related Identifiers

Affected Products

References · 7