CVE-2025-0600

Published Mar 17, 2025

Last updated 18 days ago

CVSS high 8.7

Overview

Description
A stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
Source
3DS.Information-Security@3ds.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.7
Impact score
5.8
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Severity
HIGH

Weaknesses

3DS.Information-Security@3ds.com
CWE-79

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJyEiR (CVE-2025-0600 | Dassault Systèmes ENOVIA Collaborative Industry Innovator cross site scripting) has been published on https://t.co/mWpD4PR3GX

    @WolfgangSesin

    17 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-0600 A stored Cross-site Scripting (XSS) vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacke… https://t.co/Urwns609Hz

    @CVEnew

    17 Mar 2025

    298 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2025-0600: HIGH] Critical XSS vulnerability discovered in Product Explorer of ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x enables attackers to run malicious scripts in user browser ...#cybersecurity,#vulnerability https://t.co/qd2ZG89Ivh https://t.

    @CveFindCom

    17 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References