CNNVD-202510-1686 Information

CNNVD ID

CNNVD-202510-1686

Related CVE

CVE-2025-10557

• CNNVD Published: 2025-10-13

Description (Chinese)

Dassault Systèmes ENOVIA Specification Manager是法国达索系统（Dassault Systèmes）公司的一个用于创建、管理和协作产品规格的应用模块。 Dassault Systèmes ENOVIA Specification Manager R2022x版本至3DEXPERIENCE R2025x版本存在安全漏洞，该漏洞源于Issue Management存在存储型跨站脚本，可能导致攻击者在用户浏览器会话中执行任意脚本代码。

Description (English)

Dassault Systèmes ENOVIA Specification Manager is an application module for the creation, management and collaboration of product specifications of Dassault Systèmes, France. There is a security loophole between Dassault Systèmes ENOVIA Specification Manager R2022x and 3 DEXPERIENCE R2025x, which stems from the existence of storage-type cross-site scripts in Issue Management, which may result in any script code being enforced by the assailant in a user browser session.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Dassault Systèmes

Published

2025-10-13

Last Modified

2026-02-24

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10557

Patch

https://www.3ds.com/products/enovia