CVE-2025-12956
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: Dassault Systèmes
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 3ds | enovia_collaborative_industry_innovator | 3dexeperience_r2022x |
| 3ds | enovia_collaborative_industry_innovator | 3dexeperience_r2025x |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected Cross-site Scripting (XSS) issue in ENOVIA Collaborative Industry Innovator versions from Release 3DEXPERIENCE R2022x through R2025x. It allows an attacker to inject and execute arbitrary script code in the browser session of a user, potentially leading to unauthorized actions or data exposure within the affected application.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute malicious scripts in your browser session when using the affected ENOVIA software. This can lead to theft of sensitive information, session hijacking, unauthorized actions performed on your behalf, and potential compromise of your data integrity and confidentiality.