How to fix CVE-2025-12956?

Within 7 days: Identify all affected systems running ENOVIA Collaborative Industry Innovator from Release 3DEXPER and apply vendor patches promptly. Verify anti-CSRF tokens and content security policies are enforced.

Is 3dexperience Enovia affected by CVE-2025-12956?

Organizations using ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x face significant risk from CVE-2025-12956, a cross-site scripting vulnerability rated CVSS 8.7.

CVE-2025-12956

EUVD-2025-201689 HIGH

2025-12-08 [email protected]

XSS 3dexperience Enovia

8.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 17:54 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 17:54 euvd

EUVD-2025-201689

CVE Published

Dec 08, 2025 - 09:15 nvd

HIGH 8.7

DescriptionNVD

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

AnalysisAI

Technical ContextAI

Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.

RemediationAI

Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.

CVE-2025-12956 vulnerability details – vuln.today

Back