CVE-2025-10559: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Dassault Systèmes DELMIA Factory Resource Manager
CVE-2025-10559 is a high-severity path traversal vulnerability in Dassault Systèmes DELMIA Factory Resource Manager versions from 3DEXPERIENCE R2023x through R2025x. It allows an attacker with limited privileges to read or write files in restricted directories on the server without user interaction. The flaw stems from improper limitation of pathname inputs, enabling traversal outside intended directories. Exploitation requires network access and some level of privileges but no user interaction. The vulnerability impacts confidentiality significantly by exposing sensitive files, with limited impact on integrity and no direct availability impact. No known exploits are currently reported in the wild. Organizations using DELMIA Factory Resource Manager in manufacturing and industrial environments should prioritize patching once available and implement strict access controls. Countries with strong manufacturing sectors and significant DELMIA deployments are at higher risk. Given the CVSS 7.1 score, this vulnerability demands urgent attention to prevent potential data breaches or unauthorized file modifications.
AI Analysis
Technical Summary
CVE-2025-10559 is a path traversal vulnerability identified in Dassault Systèmes' DELMIA Factory Resource Manager, specifically affecting releases from 3DEXPERIENCE R2023x Golden through R2025x Golden. The vulnerability arises due to improper validation and limitation of pathname inputs (CWE-22), allowing an attacker to manipulate file path parameters to access or modify files outside the intended directory scope on the server hosting the Factory Resource Manager. This flaw can be exploited remotely over the network (AV:N) with low attack complexity (AC:L), requiring the attacker to have some level of privileges (PR:L), but no user interaction (UI:N) is necessary. The vulnerability impacts confidentiality highly (C:H) by enabling unauthorized reading of sensitive files, while integrity impact is low (I:L) due to limited write capabilities, and availability is unaffected (A:N). The scope remains unchanged (S:U), meaning the vulnerability affects only the vulnerable component. Although no public exploits have been reported yet, the vulnerability's nature and affected product's critical role in manufacturing resource management pose significant risks. DELMIA Factory Resource Manager is widely used in industrial and manufacturing sectors for factory planning and resource management, making this vulnerability particularly concerning for organizations relying on these systems for operational continuity and intellectual property protection.
Potential Impact
The primary impact of CVE-2025-10559 is the unauthorized disclosure of sensitive information due to the ability to read arbitrary files on the server. This can lead to exposure of intellectual property, configuration files, credentials, or other sensitive data critical to manufacturing operations. The ability to write files, although limited, could allow attackers to modify configuration or operational files, potentially leading to process disruptions or further compromise. Given the industrial context, such unauthorized access could disrupt factory resource planning, cause operational delays, or facilitate further attacks such as ransomware or espionage. Organizations worldwide that rely on DELMIA Factory Resource Manager for factory automation and resource management face risks to confidentiality and operational integrity. The vulnerability could also be leveraged as a foothold for lateral movement within corporate networks. The absence of known exploits currently provides a window for mitigation, but the high CVSS score indicates a serious threat if exploited.
Mitigation Recommendations
To mitigate CVE-2025-10559, organizations should implement the following specific measures:
1) Monitor Dassault Systèmes advisories closely and apply patches or updates as soon as they become available for the affected DELMIA Factory Resource Manager releases.
2) Restrict network access to the Factory Resource Manager servers by implementing network segmentation and firewall rules to limit exposure to trusted users and systems only.
3) Enforce the principle of least privilege by ensuring that user accounts and service accounts interacting with the Factory Resource Manager have minimal necessary permissions, reducing the impact of compromised credentials.
4) Conduct input validation and sanitization on any user-supplied file path parameters at the application or proxy level if possible, to detect and block path traversal attempts.
5) Implement file integrity monitoring on critical directories to detect unauthorized file modifications or creations.
6) Review and harden server configurations to limit file system permissions, ensuring the application process cannot access directories beyond its scope.
7) Employ logging and alerting mechanisms to detect suspicious file access patterns indicative of path traversal exploitation attempts.
8) Conduct regular security assessments and penetration testing focused on path traversal and related vulnerabilities in the Factory Resource Manager environment.
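One way to implement the path validation in measure 4, as an added example that is not code from DELMIA or Dassault Systèmes: the server canonicalizes the user-supplied file name against a fixed base directory and refuses anything that resolves outside it. The check goes slightly beyond the text by also undoing repeated percent-encoding and backslash separators, two common ways a bare ".." filter is bypassed; the base directory and the sample file names are assumptions made for the demonstration.

```python
"""Containment check for user-supplied file names (CWE-22 defence)."""
from pathlib import Path, PurePosixPath
from urllib.parse import unquote

# Constructed example base directory; a real deployment would use the
# application's own document root.
BASE_DIR = Path("/srv/frm/uploads")


class PathTraversalError(ValueError):
    """Raised when the resolved target lies outside the allowed base directory."""


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_within(base: Path, user_path: str) -> Path:
    """Return the absolute target for user_path, or raise if it escapes base.

    Rejects NUL bytes and absolute paths up front, normalises backslashes
    (separators on Windows hosts), then resolves '..' segments and symlinks
    so the comparison is made against the real on-disk target.
    """
    cleaned = decode_fully(user_path).replace("\\", "/")
    if "\x00" in cleaned:
        raise PathTraversalError("NUL byte in path")
    rel = PurePosixPath(cleaned)
    if rel.is_absolute():
        raise PathTraversalError("absolute path not allowed")
    base_abs = base.resolve()
    target = (base_abs / rel).resolve()
    if target != base_abs and base_abs not in target.parents:
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return target


def is_safe(base: Path, user_path: str) -> bool:
    """True when user_path stays inside base, False when it would traverse out."""
    try:
        resolve_within(base, user_path)
    except PathTraversalError:
        return False
    return True
```

Placed in front of every file read or write that takes a client-controlled name, the check turns the traversal into a logged rejection, which also gives measure 7 a concrete event to alert on.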
Affected Countries
United States, Germany, France, Japan, South Korea, China, Italy, United Kingdom, Canada, Switzerland, Netherlands, Belgium, India
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- 3DS
- Date Reserved
- 2025-09-16T12:56:50.206Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cc1e09e6bfc5ba1d33b7e5
Added to database: 3/31/2026, 7:18:33 PM
Last enriched: 3/31/2026, 7:19:18 PM
Last updated: 4/1/2026, 3:51:30 AM