PT-2025-23301 · Dsm · Multidisciplinary Optimization Engineer
Published
2025-05-30
·
Updated
2025-05-30
·
CVE-2025-4988
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Multidisciplinary Optimization Engineer versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x
Description
A stored Cross-site Scripting (XSS) vulnerability affects Results Analytics in Multidisciplinary Optimization Engineer, allowing an attacker to execute arbitrary script code in a user's browser session. This issue enables attackers to run malicious code on user browsers.
Recommendations
For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x, consider disabling access to Results Analytics in Multidisciplinary Optimization Engineer until a patch is available to prevent the execution of arbitrary script code in user browser sessions.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Multidisciplinary Optimization Engineer