CVE-2025-10559 PUBLISHED

Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x

Assigner: 3DS
Reserved: 16.09.2025 Published: 31.03.2026 Updated: 31.03.2026

A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVSS Score: 7.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Dassault Systèmes
Product	DELMIA Factory Resource Manager
Versions	Default: unaffected affected from Release 3DEXPERIENCE R2023x Golden to Release 3DEXPERIENCE R2023x.FP.CFA.2541 (incl.) affected from Release 3DEXPERIENCE R2024x Golden to Release 3DEXPERIENCE R2024x.FP.CFA.2537 (incl.) affected from Release 3DEXPERIENCE R2025x Golden to Release 3DEXPERIENCE R2025x.FP.CFA.2514 (incl.)

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10559

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE