How to fix CVE-2025-4988?

Within 7 days: Identify all affected systems running Results Analytics in Multidisciplinary Optimization Engineer and apply vendor patches promptly. Verify anti-CSRF tokens and content security policies are enforced.

Is Results Analytics affected by CVE-2025-4988?

CVE-2025-4988 presents significant security risk, a cross-site scripting vulnerability rated CVSS 8.7. Attackers could inject malicious scripts to steal user sessions, credentials, or perform actions on behalf of authenticated users.

Results Analytics CVE-2025-4988

HIGH

Cross-site Scripting (XSS) (CWE-79)

2025-05-30 [email protected]

XSS

8.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:44 vuln.today

CVE Published

May 30, 2025 - 15:15 nvd

HIGH 8.7

DescriptionNVD

A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

AnalysisAI

A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

Affected ProductsAI

Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2025-4988 vulnerability details – vuln.today

Back