Skip to main content

Delmia Factory Resource Manager CVE-2025-10559

| EUVDEUVD-2025-209135 HIGH
Path Traversal (CWE-22)
2026-03-31 3DS GHSA-8pjm-jgvr-53w9
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 09:15 euvd
EUVD-2025-209135
Analysis Generated
Mar 31, 2026 - 09:15 vuln.today
CVE Published
Mar 31, 2026 - 08:41 nvd
HIGH 7.1

DescriptionCVE.org

A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.

AnalysisAI

Path traversal in DELMIA Factory Resource Manager (3DEXPERIENCE R2023x through R2025x) allows authenticated remote attackers to read sensitive files and write files to specific server directories. The vulnerability affects the Factory Resource Management component and requires low-privilege authentication (CVSS PR:L) with low attack complexity. EPSS data not available; no public exploit identified at time of analysis. This represents a significant data exposure risk in industrial manufacturing environments using Dassault Systèmes' 3DEXPERIENCE platform.

Technical ContextAI

DELMIA Factory Resource Manager is a component of Dassault Systèmes' 3DEXPERIENCE platform used for manufacturing resource planning and factory simulation. The vulnerability is a CWE-22 path traversal flaw, where insufficient input validation allows attackers to manipulate file paths using directory traversal sequences (e.g., '../') to access files outside intended directories. The affected CPE (cpe:2.3:a:dassault_systèmes:delmia_factory_resource_manager) indicates this is a server-side component accessible over the network. Path traversal vulnerabilities typically occur when user-supplied input is concatenated into file system operations without proper sanitization, canonicalization, or whitelist validation. In this case, the Factory Resource Management module fails to restrict file operations to safe directories, enabling both read and write access to server filesystem locations that should be protected.

RemediationAI

Apply vendor-released security updates from Dassault Systèmes as documented in their official security advisory at https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10559. The advisory should specify patched versions for each affected 3DEXPERIENCE release family (R2023x, R2024x, R2025x). Until patches can be deployed, implement network-level access controls to restrict Factory Resource Manager access to trusted users and IP ranges only. Review and audit user privilege assignments to ensure principle of least privilege, as the vulnerability requires authenticated access. Monitor file system access logs for unusual traversal patterns or access to sensitive directories. Consider disabling the Factory Resource Management component if not actively required for operations. Organizations should prioritize patching systems that handle proprietary manufacturing data or connect to production networks.

Share

CVE-2025-10559 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy