Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-0595— Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

CVSS 8.7 · High EPSS 0.34% · P57
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-0595

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
Source: NVD (National Vulnerability Database)
Vulnerability Description
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dassault Systèmes 3DSwymer 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dassault Systèmes 3DSwymer是法国达索系统(Dassault Systèmes)公司的一个平台。可帮助连接整个生态系统中的员工、合作伙伴和客户进行协作。 Dassault Systèmes 3DSwymer 3DEXPERIENCE R2022x版本至3DEXPERIENCE R2024x版本存在安全漏洞,该漏洞源于存在存储型跨站脚本,可能导致在用户浏览器会话中执行任意脚本代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Dassault Systèmes3DSwymer Release 3DEXPERIENCE R2022x Golden ~ Release 3DEXPERIENCE R2022x.FP.CFA.2433 -

II. Public POCs for CVE-2025-0595

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-0595

登录查看更多情报信息。

Same Patch Batch · Dassault Systèmes · 2025-03-17 · 13 CVEs total

CVE-2025-05968.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collab
CVE-2025-08338.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Colla
CVE-2025-08298.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborativ
CVE-2025-08288.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Pr
CVE-2025-08278.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release
CVE-2025-05988.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborativ
CVE-2025-06008.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Colla
CVE-2025-05998.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Co
CVE-2025-08268.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting 3D Navigate in ENOVIA Collaborat
CVE-2025-08328.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collabor
CVE-2025-08308.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Cha
CVE-2025-06018.7 HIGHStored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Colla

IV. Related Vulnerabilities

Same product: 3DSwymer
Same vendor: Dassault Systèmes
Same weakness: CWE-79

V. Comments for CVE-2025-0595

No comments yet

Leave a comment