CVE-2025-4992

Name of the Vulnerable Software and Affected Versions Service Process Engineer versions 3DEXPERIENCE R2024x through 3DEXPERIENCE R2025x

Description A stored Cross-site Scripting (XSS) issue affects Service Items Management in Service Process Engineer, allowing an attacker to execute arbitrary script code in a user's browser session. This enables hackers to run malicious scripts in browsers.

Recommendations For versions 3DEXPERIENCE R2024x through 3DEXPERIENCE R2025x, update to a version that includes a fix for this issue to prevent stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.