CVE-2025-4990

Name of the Vulnerable Software and Affected Versions Change Governance in Product Manager versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x

Description A stored Cross-site Scripting (XSS) issue allows an attacker to execute arbitrary script code in a user's browser session. This affects Change Governance in Product Manager, enabling attackers to run scripts in a user's browser session.

Recommendations For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x, update to a version that includes a fix for this issue to prevent the execution of arbitrary script code in user's browser sessions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.