CVE-2025-10554

🗓️ 24 Nov 2025 15:31:39Reported by 3DSType

Stored XSS in ENOVIA Product Manager Requirements from R2023x to R2025x enabling script execution.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-10554	24 Nov 202517:17	–	circl
CNNVD	Dassault Systèmes ENOVIA Product Manager 安全漏洞	24 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-10554 Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x	24 Nov 202515:31	–	cvelist
EUVD	EUVD-2025-198897	24 Nov 202515:31	–	euvd
NVD	CVE-2025-10554	24 Nov 202516:15	–	nvd
OSV	CVE-2025-10554	24 Nov 202516:15	–	osv
Positive Technologies	PT-2025-47929	24 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-10554	25 Nov 202516:11	–	redhatcve
Vulnrichment	CVE-2025-10554 Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x	24 Nov 202515:31	–	vulnrichment

NVD

Node

3ds 3dexperience_enoviaRanger2023x–r2025x

[
  {
    "vendor": "Dassault Systèmes",
    "product": "ENOVIA Product Manager",
    "versions": [
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2023x Golden",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2023x FP.CFA.2505",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2024x Golden",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2024x FP.CFA.2450",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2025x Golden",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2025x FP.CFA.2514",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
3ds	www.3ds.com/trust-center/security/security-advisories/cve-2025-10554

12 Jan 2026 18:50Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.15.4 - 8.7

EPSS0.00026

SSVC

CWE-79