CVE-2025-9976 CRITICAL

CVE-2025-9976: OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x

Vendor Dassault Systèmes
Product Station Launcher App in 3DEXPERIENCE platform
Weakness CWE-78
Published October 13, 2025
Last update October 14, 2025

CVSS base score

9.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.

Key dates

02Disclosure timeline

October 13, 2025 CVE published
October 14, 2025 Record updated