CVE-2025-4991

Name of the Vulnerable Software and Affected Versions Collaborative Industry Innovator versions R2022x through R2025x

Description A stored Cross-site Scripting (XSS) vulnerability in 3D Markup allows an attacker to execute arbitrary script code in a user's browser session. This issue affects the Collaborative Industry Innovator and enables attackers to run malicious scripts in user browsers.

Recommendations For versions R2022x through R2025x, consider disabling the 3D Markup feature in Collaborative Industry Innovator until a patch is available to prevent the execution of arbitrary script code in user browser sessions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.