CVE-2025-4989

Name of the Vulnerable Software and Affected Versions Product Manager versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x

Description A stored Cross-site Scripting (XSS) vulnerability in Product Manager allows an attacker to execute arbitrary script code in a user's browser session. This enables attackers to run harmful scripts in user sessions.

Recommendations For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x, update to a version that includes a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.