CVE 8.7 HIGH

Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x_CVE-2025-12956

December 8, 2025 invoker category_cve
8.7 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Description

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

AI Analysis

Reflected Cross-site Scripting (XSS) vulnerability allowing an attacker to execute arbitrary script code in user's browser session

Basic Information

ID CVE-2025-12956
Source 3DS
Published Dec 8, 2025 at 08:38

Affected Product

Vendor Dassault Systèmes
Product ENOVIA Collaborative Industry Innovator
Version Release 3DEXPERIENCE R2022x Golden
Affected Versions Dassault Systèmes ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2022x Golden
Dassault Systèmes ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2023x Golden
Dassault Systèmes ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2024x Golden
Dassault Systèmes ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2025x Golden

CWE Classification

CWE-79

AI Assessment

AI Score 8.7 / 10
AI Severity High
Vendor Dassault Systèmes
Product ENOVIA Collaborative Industry Innovator
Version Release 3DEXPERIENCE R2022x Golden, Release 3DEXPERIENCE R2023x Golden, Release 3DEXPERIENCE R2024x Golden, Release 3DEXPERIENCE R2025x Golden

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.