CVE-2025-10553 is a stored Cross-site Scripting (XSS) vulnerability classified under CWE-79, affecting Dassault Systèmes DELMIA Factory Resource Manager across multiple releases from 3DEXPERIENCE R2023x to R2025x. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, allowing malicious script code to be stored and later executed in the browsers of users who access the affected pages. This stored XSS can be exploited by an attacker with limited privileges (PR:L) who can inject payloads that execute with the privileges of other users, potentially leading to session hijacking, theft of sensitive information, or unauthorized actions within the application. The CVSS v3.1 score of 8.7 reflects a high severity due to network attack vector (AV:N), low attack complexity (AC:L), requirement for privileges (PR:L), and user interaction (UI:R), with a scope change (S:C) indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality and integrity is high, while availability is not affected. No public exploits have been reported yet, but the vulnerability is published and known. The affected product is widely used in industrial manufacturing and factory resource management, making it a critical concern for organizations relying on these systems for operational continuity and security.

The impact of CVE-2025-10553 is significant for organizations using DELMIA Factory Resource Manager in industrial and manufacturing environments. Successful exploitation can lead to unauthorized script execution within user sessions, enabling attackers to steal session cookies, credentials, or other sensitive data, and perform actions on behalf of legitimate users. This compromises confidentiality and integrity of data and may facilitate further attacks such as privilege escalation or lateral movement within the network. Given the industrial context, such breaches could disrupt factory operations, cause data leakage of proprietary manufacturing processes, and damage organizational reputation. The requirement for limited privileges and user interaction lowers the barrier for exploitation compared to vulnerabilities needing administrative access, increasing the risk. Although no known exploits are currently active in the wild, the high CVSS score and broad deployment of the affected software imply a substantial potential impact if exploited.

1. Apply official security patches from Dassault Systèmes promptly once released to address CVE-2025-10553. 2. Until patches are available, implement strict input validation and output encoding on all user-supplied data within DELMIA Factory Resource Manager to neutralize potentially malicious scripts. 3. Restrict user privileges to the minimum necessary, limiting the ability of users to inject or store scripts. 4. Employ Content Security Policy (CSP) headers to reduce the risk of script execution from untrusted sources. 5. Conduct regular security audits and code reviews focusing on input handling and web page generation logic. 6. Educate users about the risks of interacting with untrusted content and encourage cautious behavior. 7. Monitor application logs and network traffic for unusual activities indicative of attempted XSS exploitation. 8. Consider deploying web application firewalls (WAFs) with rules tailored to detect and block XSS payloads targeting DELMIA Factory Resource Manager.