CVE-2025-10559
Path Traversal in DELMIA Factory Resource Manager Allows File Access
Publication date: 2026-03-31
Last updated on: 2026-04-06
Assigner: Dassault Systèmes
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 3ds | 3dexperience | From r2023x (inc) to r2025x (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
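
The CWE-22 definition above, as an added example (not code from DELMIA or from the advisory): a string-prefix check beside a check that canonicalizes the path and compares it component by component, run over constructed inputs. The directory names and sample paths are hypothetical.

```python
import os
import tempfile
from pathlib import Path

def prefix_check(base: Path, user_path: str) -> bool:
    """Weak check: normalize the joined string, then compare string prefixes."""
    joined = os.path.normpath(os.path.join(base, user_path))
    return joined.startswith(str(base))

def safe_resolve(base: Path, user_path: str) -> Path:
    """Return the canonical path, or raise ValueError if it leaves base."""
    if "\0" in user_path:
        raise ValueError("NUL byte in path")
    base_real = base.resolve(strict=True)
    # resolve() collapses '..' and follows symlinks before the comparison.
    candidate = (base_real / user_path).resolve()
    try:
        # Component-wise: <root>/resources-old is not under <root>/resources.
        candidate.relative_to(base_real)
    except ValueError:
        raise ValueError(f"path escapes base directory: {user_path!r}") from None
    return candidate

def check_samples() -> dict:
    """Run constructed inputs against a throwaway tree (all names hypothetical)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        base = root / "resources"            # the restricted parent directory
        (base / "plans").mkdir(parents=True)
        (root / "resources-old").mkdir()     # sibling sharing the name prefix
        (root / "secret.txt").write_text("outside")
        os.symlink(root, base / "link")      # symlink inside base, pointing out
        samples = {
            "plain": "plans/line1.xml",
            "dotdot": "plans/../../secret.txt",
            "sibling": "../resources-old/x",
            "absolute": str(root / "secret.txt"),
            "symlink": "link/secret.txt",
        }
        for label, value in samples.items():
            try:
                safe_resolve(base, value)
                verdict = "allowed"
            except ValueError:
                verdict = "blocked"
            results[label] = (prefix_check(base, value), verdict)
    return results
```

The prefix check accepts the sibling-directory and symlink inputs that the canonical check rejects. File operations should use the path `safe_resolve` returns rather than re-joining the raw input.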
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10559 is a Path Traversal vulnerability affecting the Factory Resource Management component in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x.
This vulnerability allows an attacker to read or write files within specific directories on the affected server.
As a result, unauthorized access or modification of sensitive data on the server can occur.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized reading or writing of files on the server hosting the DELMIA Factory Resource Manager.
This may result in exposure or alteration of sensitive data, potentially compromising the integrity and confidentiality of your system.
Given the high severity rating, the impact could be significant depending on the data and files accessible through the vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an attacker to read or write files within specific directories on the affected server, potentially leading to unauthorized access or modification of sensitive data.
Such unauthorized access or modification of sensitive data could impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information.