CVE-2025-0827

High

Published: 17 March 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
EPSS Score: 0.0026 (49.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0827 is a high-severity Cross-site Scripting (CWE-79) vulnerability in 3Ds (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 49.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-0827 is a stored Cross-site Scripting (XSS) vulnerability, classified under CWE-79, affecting the 3DPlay component in 3DSwymer across 3DEXPERIENCE releases from R2022x through R2024x. It enables an attacker to execute arbitrary script code within a user's browser session. The vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to its network accessibility, low complexity, and potential for significant confidentiality and integrity impacts with a changed scope.

Exploitation requires an attacker to possess low privileges (PR:L) and involves user interaction (UI:R), such as a victim accessing malicious content over the network. A successful stored XSS attack allows the injected script to execute in the context of other users' browser sessions, potentially leading to high confidentiality and integrity violations, such as session hijacking, data theft, or further compromise within the affected application.

Mitigation details are outlined in the vendor advisory available at https://www.3ds.com/vulnerability/advisories. Security practitioners should consult this resource for patch information, workarounds, or upgrade guidance specific to the impacted 3DEXPERIENCE releases.

Vulnerability details

A stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.007: JavaScript (Execution)
Adversaries may abuse various implementations of JavaScript for execution.

T1185: Browser Session Hijacking (Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

Why these techniques?

Stored XSS in a network-accessible web application enables exploitation of a public-facing application (T1190), arbitrary JavaScript execution in the browser (T1059.007), and browser session hijacking (T1185), as described.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-23722 (shared CWE-79)
CVE-2025-68874 (shared CWE-79)
CVE-2025-53231 (shared CWE-79)
CVE-2026-22524 (shared CWE-79)
CVE-2025-0521 (shared CWE-79)
CVE-2025-15440 (shared CWE-79)
CVE-2025-22766 (shared CWE-79)
CVE-2026-22867 (shared CWE-79)
CVE-2025-40587 (shared CWE-79)
CVE-2022-50905 (shared CWE-79)

Affected Assets

3Ds
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely identification, reporting, and correction of the stored XSS flaw in 3DPlay via patching or upgrades as specified in the vendor advisory.

prevent

Prevents stored XSS exploitation by validating and sanitizing low-privilege user inputs to the 3DSwymer 3DPlay component before storage.

prevent

Blocks execution of injected scripts in victims' browser sessions by filtering and encoding information outputs from the vulnerable 3DPlay component.