CVE-2025-10553 PUBLISHED

Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x

Assigner: 3DS
Reserved: 16.09.2025 Published: 31.03.2026 Updated: 31.03.2026

A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
CVSS Score: 8.7

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Dassault Systèmes
Product	DELMIA Factory Resource Manager
Versions	Default: unaffected affected from Release 3DEXPERIENCE R2023x Golden to Release 3DEXPERIENCE R2023x.FP.CFA.2541 (incl.) affected from Release 3DEXPERIENCE R2024x Golden to Release 3DEXPERIENCE R2024x.FP.CFA.2537 (incl.) affected from Release 3DEXPERIENCE R2025x Golden to Release 3DEXPERIENCE R2025x.FP.CFA.2514 (incl.)

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10553

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE