Refine your search
2 vulnerabilities found for DELMIA Factory Resource Manager by Dassault Systèmes
CVE-2025-10559 (GCVE-0-2025-10559)
Vulnerability from cvelistv5
Published
2026-03-31 08:41
Modified
2026-03-31 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dassault Systèmes | DELMIA Factory Resource Manager |
Version: Release 3DEXPERIENCE R2023x Golden < Version: Release 3DEXPERIENCE R2024x Golden < Version: Release 3DEXPERIENCE R2025x Golden < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T15:03:55.267937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:04:37.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Factory Resource Manager",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2541",
"status": "affected",
"version": "Release 3DEXPERIENCE R2023x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2537",
"status": "affected",
"version": "Release 3DEXPERIENCE R2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 3DEXPERIENCE R2025x.FP.CFA.2514",
"status": "affected",
"version": "Release 3DEXPERIENCE R2025x Golden",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server."
}
],
"value": "A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T08:41:43.180Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10559"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-10559",
"datePublished": "2026-03-31T08:41:43.180Z",
"dateReserved": "2025-09-16T12:56:50.206Z",
"dateUpdated": "2026-03-31T18:04:37.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10553 (GCVE-0-2025-10553)
Vulnerability from cvelistv5
Published
2026-03-31 08:41
Modified
2026-03-31 13:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dassault Systèmes | DELMIA Factory Resource Manager |
Version: Release 3DEXPERIENCE R2023x Golden < Version: Release 3DEXPERIENCE R2024x Golden < Version: Release 3DEXPERIENCE R2025x Golden < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:32:32.743232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:32:40.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DELMIA Factory Resource Manager",
"vendor": "Dassault Syst\u00e8mes",
"versions": [
{
"lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2541",
"status": "affected",
"version": "Release 3DEXPERIENCE R2023x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2537",
"status": "affected",
"version": "Release 3DEXPERIENCE R2024x Golden",
"versionType": "custom"
},
{
"lessThanOrEqual": "Release 3DEXPERIENCE R2025x.FP.CFA.2514",
"status": "affected",
"version": "Release 3DEXPERIENCE R2025x Golden",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
}
],
"value": "A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T08:41:35.663Z",
"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"shortName": "3DS"
},
"references": [
{
"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10553"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
"assignerShortName": "3DS",
"cveId": "CVE-2025-10553",
"datePublished": "2026-03-31T08:41:35.663Z",
"dateReserved": "2025-09-16T12:56:37.160Z",
"dateUpdated": "2026-03-31T13:32:40.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}