CVE-2025-10556

📊 8.7 HIGH⚡ 0.0%🎯 0 exploits

📅 Published Oct 13, 2025

📋 Status: Analyzed

A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	3ds	3dexperience enovia	≥ r2023x ∧ ≤ r2025x	Vulnerable	cpe:2.3:a:3ds:3dexperience_enovia::::::::

📱

3ds / 3dexperience enovia

Application

Vulnerable

Version: ≥ r2023x ∧ ≤ r2025x

CPE:

cpe:2.3:a:3ds:3dexperience_enovia:*:*:*:*:*:*:*:*

Metrics

8.7 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

REQUIRED

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

NONE

Scope:

CHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

8.7 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)8.5th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Oct 13, 2025 (19 days ago)

Last Modified

Oct 21, 2025 (10 days ago)

Security Weaknesses1

CWE-79

References2

NVDgeneral