Search criteria
2 vulnerabilities found for Service Process Engineer by Dassault Systèmes
CVE-2025-4992 (GCVE-0-2025-4992)
Vulnerability from cvelistv5 – Published: 2025-05-30 14:15 – Updated: 2025-05-30 22:00
VLAI?
Summary
A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
Severity ?
8.7 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dassault Systèmes | Service Process Engineer |
Affected:
Release 3DEXPERIENCE R2024x Golden , ≤ Release 3DEXPERIENCE R2024x.FP.CFA.2450
(custom)
Affected: Release 3DEXPERIENCE R2025x Golden |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T14:39:20.279028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T22:00:31.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Service Process Engineer",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2450",
"status": "affected",
"version": "Release 3DEXPERIENCE R2024x Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2025x Golden"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
}
],
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:15:45.186Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-4992",
"datePublished": "2025-05-30T14:15:45.186Z",
"dateReserved": "2025-05-20T07:30:49.160Z",
"dateUpdated": "2025-05-30T22:00:31.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4992 (GCVE-0-2025-4992)
Vulnerability from nvd – Published: 2025-05-30 14:15 – Updated: 2025-05-30 22:00
VLAI?
Summary
A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
Severity ?
8.7 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dassault Systèmes | Service Process Engineer |
Affected:
Release 3DEXPERIENCE R2024x Golden , ≤ Release 3DEXPERIENCE R2024x.FP.CFA.2450
(custom)
Affected: Release 3DEXPERIENCE R2025x Golden |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T14:39:20.279028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T22:00:31.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Service Process Engineer",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2450",
"status": "affected",
"version": "Release 3DEXPERIENCE R2024x Golden",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2025x Golden"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
}
],
"value": "A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:15:45.186Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/vulnerability/advisories"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-4992",
"datePublished": "2025-05-30T14:15:45.186Z",
"dateReserved": "2025-05-20T07:30:49.160Z",
"dateUpdated": "2025-05-30T22:00:31.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}