CVE-2025-0828

📊 8.7 HIGH⚡ 0.0%🎯 0 exploits

📅 Published Mar 17, 2025

📋 Status: Analyzed

A stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	3ds	3dexperience enovia	≥ r2022x ∧ ≤ r2024x	Vulnerable	cpe:2.3:a:3ds:3dexperience_enovia::::::::

📱

3ds / 3dexperience enovia

Application

Vulnerable

Version: ≥ r2022x ∧ ≤ r2024x

CPE:

cpe:2.3:a:3ds:3dexperience_enovia:*:*:*:*:*:*:*:*

Metrics

8.7 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

REQUIRED

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

NONE

Scope:

CHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

8.7 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)12.3th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Mar 17, 2025 (7 months ago)

Last Modified

Oct 22, 2025 (10 days ago)

Security Weaknesses1

CWE-79

References2

NVDadvisory