CVE-2025-9976
BaseFortify
Publication date: 2025-10-13
Last updated on: 2025-10-14
Assigner: Dassault Systèmes
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dassault_systèmes | station_launcher_app | * |
| dassault_systèmes | 3dexperience | 2025x |
| dassault_systèmes | 3dexperience | 2022x |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9976 is a critical OS Command Injection vulnerability in the Station Launcher App of the 3DEXPERIENCE platform (from Release R2022x through R2025x). It allows an attacker to execute arbitrary code on the user's machine by exploiting this app. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code on your machine, potentially leading to full compromise of your system, including unauthorized access, data theft, or disruption of services. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate steps to mitigate this vulnerability include applying the remediation provided by Dassault Systèmes Security Advisories for the Station Launcher App within the 3DEXPERIENCE platform versions R2022x through R2025x. Ensure that your Station Launcher App is updated to a version where this vulnerability is fixed. Additionally, restrict network access to the affected application and monitor for any suspicious activity until the patch is applied. [1]