CVE-2025-10551 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79 that affects the Document Management component of Dassault Systèmes ENOVIA Collaborative Industry Innovator. This vulnerability exists in releases from 3DEXPERIENCE R2023x Golden through R2025x Golden. The flaw arises due to improper neutralization of input during web page generation, allowing malicious script code to be stored and later executed in the browsers of users who access the compromised content. An attacker with at least limited privileges (PR:L) can craft and store malicious input that, when rendered, executes arbitrary JavaScript in the context of the victim's session. The attack requires user interaction (UI:R), such as clicking a link or opening a document, and can compromise confidentiality and integrity by stealing session tokens, performing unauthorized actions, or exfiltrating sensitive data. The CVSS v3.1 base score is 8.7, reflecting network attack vector (AV:N), low attack complexity (AC:L), and scope change (S:C). No public exploits have been reported yet, but the vulnerability poses a significant risk due to the widespread use of ENOVIA in critical industries. The lack of available patches at the time of reporting necessitates immediate mitigation efforts to reduce exposure.

The impact of CVE-2025-10551 is substantial for organizations using ENOVIA Collaborative Industry Innovator in managing sensitive documents and collaborative workflows. Successful exploitation can lead to theft of user credentials, session hijacking, unauthorized data access, and manipulation of business-critical information. This can result in intellectual property theft, disruption of product development cycles, and damage to corporate reputation. Since ENOVIA is widely used in aerospace, automotive, manufacturing, and other high-value sectors, the compromise of these systems could have cascading effects on supply chains and national security interests. The vulnerability does not directly affect system availability but severely undermines confidentiality and integrity, potentially enabling further attacks or insider threats. Organizations lacking robust monitoring and input validation controls are particularly vulnerable to exploitation.

To mitigate CVE-2025-10551, organizations should implement the following specific measures: 1) Monitor Dassault Systèmes advisories closely and apply official patches or updates immediately upon release. 2) Enforce strict input validation and output encoding on all user-supplied data within ENOVIA, especially in document management modules, to prevent malicious script injection. 3) Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. 4) Conduct regular security training for users to recognize and avoid interacting with suspicious links or documents. 5) Implement multi-factor authentication (MFA) to reduce the impact of credential theft. 6) Use web application firewalls (WAFs) with custom rules to detect and block XSS payloads targeting ENOVIA endpoints. 7) Audit and limit user privileges to the minimum necessary to reduce the attack surface. 8) Employ continuous monitoring and logging to detect anomalous activities indicative of exploitation attempts. These targeted actions will help reduce the risk until patches are deployed.