CVE-2025-10551 - Vulnerability Analysis
HighCVSS: 8.7Last Updated: April 1, 2026
ENOVIA Collaborative Industry Innovator - Stored XSS
Overview
ENOVIA Collaborative Industry Innovator Release 3DEXPERIENCE R2023x through R2025x contains a stored XSS caused by improper sanitization in Document Management, letting attackers execute arbitrary script code in user browsers, exploit requires user interaction.
Severity & Score
Impact
Attackers can execute arbitrary scripts in user browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version beyond 3DEXPERIENCE R2025x.
Social Media Activity(2 posts)
š CVE-2025-10551 - High (8.7) A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in ... š https://www.thehackerwire.com/vulnerability/CVE-2025-10551/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš CVE-2025-10551 - High (8.7) A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in ... š https://www.thehackerwire.com/vulnerability/CVE-2025-10551/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-10551
- Severity
- High
- CVSS Score
- 8.7
- Type
- stored_xss
- Status
- unconfirmed
- EPSS
- 3.2%
- Social Posts
- 2
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N