{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10553", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2025-09-16T12:56:37.160Z", "datePublished": "2026-03-31T08:41:35.663Z", "dateUpdated": "2026-03-31T13:32:40.143Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2026-03-31T08:41:35.663Z"}, "title": "Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "DELMIA Factory Resource Manager", "versions": [{"status": "affected", "version": "Release 3DEXPERIENCE R2023x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2541", "versionType": "custom"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2024x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2537", "versionType": "custom"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2025x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2025x.FP.CFA.2514", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session."}]}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10553"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.7, "baseSeverity": "HIGH"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T13:32:32.743232Z", "id": "CVE-2025-10553", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:32:40.143Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10553", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T13:32:32.743232Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:32:36.655Z"}}], "cna": {"title": "Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "DELMIA Factory Resource Manager", "versions": [{"status": "affected", "version": "Release 3DEXPERIENCE R2023x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2541"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2024x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2537"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2025x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2025x.FP.CFA.2514"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10553"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.", "supportingMedia": [{"type": "text/html", "value": "A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2026-03-31T08:41:35.663Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10553", "state": "PUBLISHED", "dateUpdated": "2026-03-31T13:32:40.143Z", "dateReserved": "2025-09-16T12:56:37.160Z", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "datePublished": "2026-03-31T08:41:35.663Z", "assignerShortName": "3DS"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session."}, {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado que afecta a la Gesti\u00f3n de Recursos de F\u00e1brica en DELMIA Factory Resource Manager desde la versi\u00f3n 3DEXPERIENCE R2023x hasta la versi\u00f3n 3DEXPERIENCE R2025x permite a un atacante ejecutar c\u00f3digo de script arbitrario en la sesi\u00f3n del navegador del usuario."}], "id": "CVE-2025-10553", "lastModified": "2026-04-01T14:24:02.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}]}, "published": "2026-03-31T09:16:21.823", "references": [{"source": "3DS.Information-Security@3ds.com", "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10553"}], "sourceIdentifier": "3DS.Information-Security@3ds.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[Release 3DEXPERIENCE R2023x Golden,Release 3DEXPERIENCE R2023x.FP.CFA.2541]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[Release 3DEXPERIENCE R2024x Golden,Release 3DEXPERIENCE R2024x.FP.CFA.2537]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[Release 3DEXPERIENCE R2025x Golden,Release 3DEXPERIENCE R2025x.FP.CFA.2514]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "DELMIA Factory Resource Manager", "source": "cna", "vendor": "Dassault Syst\u00e8mes"}, "product": "delmia_factory_resource_manager", "vendor": "dassault_syst\u00e8mes"}], "analysis": {"en": {"generated_at": "2026-03-31T10:51:30.699658+00:00", "value": {"mitigation_remediation": ["Identify the exact release version of DELMIA Factory Resource Manager deployed to determine if it falls within the affected range.", "Restrict access to the application\u2019s web interface to authenticated, trusted users and to trusted network segments.", "Configure a Content Security Policy that disallows inline scripts and sets script-src to a strict whitelist to mitigate stored XSS.", "Enable web application firewall rules that detect and block suspicious input payloads containing script tags.", "Monitor logs and user sessions for signs of abnormal activity, and review application input handling code for proper output encoding.", "Follow Dassault Syst\u00e8mes\u2019 advisories for future patches and update when a vendor remedy is released."], "summary": {"action": "Assess Impact", "impact": "Cross\u2011site scripting allowing arbitrary script execution in web browser sessions"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Dassault Syst\u00e8mes\u2019 DELMIA Factory Resource Manager, specifically its Factory Resource Management component, in all releases from 3DEXPERIENCE R2023x through R2025x. Systems running earlier or later releases are not listed as affected.", "description_and_impact": "A stored cross\u2011site scripting flaw in DELMIA Factory Resource Manager permits an attacker to inject and run arbitrary JavaScript during victim users\u2019 browser sessions. The attack could let the attacker hijack sessions, steal credentials, or deface the web interface, but these effects are inferred from the ability to execute scripts in the browser.", "risk_and_exploitability": "The flaw has a CVSS score of 8.7, indicating high severity. No EPSS score is available and the vulnerability is not listed in CISA\u2019s KEV catalog, implying there is no widely known exploit yet. The attack vector is inferred to be the web interface, where malicious input can be stored and later rendered in other users\u2019 browsers."}}}}, "created": "2026-03-31T19:56:02.396744+00:00", "updated": "2026-03-31T20:39:23.149901+00:00", "vendors": ["dassault_syst\u00e8mes", "dassault_syst\u00e8mes$PRODUCT$delmia_factory_resource_manager"]}