PT-2025-23300 · Unknown · 3Dexperience

Published: 2025-05-30 · Updated: 2025-05-30 · CVE-2025-4986

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

3DEXPERIENCE versions R2022x through R2025x

Description

A stored Cross-site Scripting (XSS) vulnerability affects Model Definition in Product Manager, allowing an attacker to execute arbitrary script code in a user's browser session.

Recommendations

For versions R2022x through R2025x, consider disabling the Model Definition feature in Product Manager until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the Product Manager module to minimize the risk of exploitation. Avoid using the Product Manager for sensitive operations until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-11569
CVE-2025-4986

Affected Products

3Dexperience