CVE-2025-4985

Name of the Vulnerable Software and Affected Versions Project Portfolio Manager versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x

Description A stored Cross-site Scripting (XSS) issue affects Risk Management in Project Portfolio Manager, allowing an attacker to execute arbitrary script code in a user's browser session. This enables attackers to run malicious scripts in the user's browser.

Recommendations For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.