How to fix EUVD-2025-18374?

Within 24 hours: Inventory all Project Portfolio Manager instances and document affected versions; notify users to avoid untrusted Opportunity Management inputs; enable enhanced logging. Within 7 days: Deploy WAF rules to block script payloads in Opportunity Management fields; implement network segmentation to restrict PPM access to authorized users only; consider disabling Opportunity Management feature if non-critical. Within 30 days: Monitor vendor communications for patch availability; conduct security awareness training on XSS risks; perform audit of Opportunity Management data for injected content.

Is Opportunity Management affected by EUVD-2025-18374?

A stored XSS vulnerability in Dassault Systèmes' Project Portfolio Manager (3DEXPERIENCE R2023x-R2025x) allows attackers to inject malicious scripts that execute in user browsers, potentially compromising session credentials and sensitive project data.

Opportunity Management EUVD-2025-18374

| CVE-2025-4987 HIGH

Cross-site Scripting (XSS) (CWE-79)

2025-06-16 [email protected]

XSS

8.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18374

CVE Published

Jun 16, 2025 - 08:15 nvd

HIGH 8.7

DescriptionNVD

A stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

AnalysisAI

A cross-site scripting vulnerability (CVSS 8.7) that allows an attacker. High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-79 (Cross-site Scripting). CVSS 8.7 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-18374 vulnerability details – vuln.today

Back