Cyber Posture

CVE-2025-0596

High

Published: 17 March 2025

Published
17 March 2025
Modified
22 October 2025
KEV Added
Patch
CVSS Score 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS Score 0.0035 57.6th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0596 is a high-severity Cross-site Scripting (CWE-79) vulnerability in 3Ds 3Dexperience Enovia. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked in the top 42.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to JavaScript (T1059.007) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Validates inputs to the Bookmark Editor to prevent injection of malicious script payloads that enable stored XSS.

SI-15 Information Output Filtering good match
prevent

Filters outputs when rendering bookmarks to neutralize injected scripts and prevent execution in victims' browser sessions.

SI-2 Flaw Remediation good match
prevent

Ensures timely remediation of the specific XSS flaw in ENOVIA Bookmark Editor via vendor patches from the advisory.

MITRE ATT&CK Enterprise TechniquesAI

T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
attack.mitre.org →
T1056.001 Keylogging Collection
Adversaries may log user keystrokes to intercept credentials as the user types them.
attack.mitre.org →
T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
attack.mitre.org →
Why these techniques?

Stored XSS enables arbitrary JavaScript execution in victim browser sessions, directly facilitating T1059.007 (JavaScript abuse for cookie theft, keylogging, data capture), T1056.001 (keylogging), and T1185 (session hijacking via stolen cookies).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

Deeper analysisAI

CVE-2025-0596 is a stored Cross-site Scripting (XSS) vulnerability, classified under CWE-79, affecting the Bookmark Editor in ENOVIA Collaborative Industry Innovator on the 3DEXPERIENCE R2024x release. Published on 2025-03-17, it enables an attacker to execute arbitrary script code within a user's browser session. The vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to network accessibility, low complexity, and significant impacts on confidentiality and integrity.

An authenticated attacker with low privileges (PR:L) can exploit this by injecting a malicious script payload into the Bookmark Editor, where it is stored and persists for other users. Exploitation requires user interaction (UI:R), such as a victim viewing or editing the affected bookmark over the network (AV:N). Successful execution occurs in the victim's browser session with changed scope (S:C), allowing high-impact compromise of confidentiality (C:H) and integrity (I:H), such as stealing session cookies, keystrokes, or sensitive data displayed in the application.

Mitigation details are provided in the vendor advisory at https://www.3ds.com/vulnerability/advisories.

Details

CWE(s)
CWE-79

Affected Products

3ds
3dexperience enovia
r2024x

CVEs Like This One

CVE-2025-0828Same product: 3Ds 3Dexperience Enovia
CVE-2025-0598Same product: 3Ds 3Dexperience Enovia
CVE-2025-0833Same product: 3Ds 3Dexperience Enovia
CVE-2025-0829Same product: 3Ds 3Dexperience Enovia
CVE-2025-0599Same product: 3Ds 3Dexperience Enovia
CVE-2025-0830Same product: 3Ds 3Dexperience Enovia
CVE-2025-0600Same product: 3Ds 3Dexperience Enovia
CVE-2025-0832Same product: 3Ds 3Dexperience Enovia
CVE-2025-0601Same product: 3Ds 3Dexperience Enovia
CVE-2025-0826Same product: 3Ds 3Dexperience Enovia

References