CVE-2025-10552 HIGH

CVE-2025-10552: Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x

Vendor Dassault Systèmes

Product 3DSwymer

Weakness CWE-79 · XSS

Published October 13, 2025

Last update October 14, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

Key dates

02Disclosure timeline

October 13, 2025 CVE published

October 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10552 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-7684 SourceCodester Kortex Lite Advocate Office Management System add_act.php cross site scripting CVE-2025-0709 Dcat-Admin Roles Page roles cross site scripting CVE-2025-52707 WordPress Firelight Lightbox plugin <= 2.3.16 - Cross Site Scripting (XSS) Vulnerability CVE-2024-33631 WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Authenticated Stored Cross Site Scripting (XSS) vulnerability CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

Identifiers

CVE CVE-2025-10552

CWE CWE-79

CVSS 8.7 / HIGH

Affected versions

Vendor Dassault Systèmes

Product 3DSwymer

Affected ≥ Release 3DEXPERIENCE R2025x Golden and ≤ Release 3DEXPERIENCE R2025x FP.CFA.2514