Vulnerability Database

319,592

Total vulnerabilities in the database

CVE-2025-10556

A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

Published: Oct 13, 2025
Updated: Nov 17, 2025
CVE: CVE-2025-10556
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.7
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
3ds / 3dexperience_enovia	r2023x	r2025x.x

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10556

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo