彙總 Dassault Systèmes 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 SQL 注入與CSRF 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-10559 | A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server. | [email protected] | 7.1 | 0.06% | 2026-03-31 | 2026-04-06 |
| CVE-2025-10553 | A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.03% | 2026-03-31 | 2026-04-06 |
| CVE-2025-10551 | A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.03% | 2026-03-31 | 2026-04-13 |
| CVE-2026-3476 | A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file. | [email protected] | 7.8 | 0.02% | 2026-03-16 | 2026-06-08 |
| CVE-2026-1335 | An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | [email protected] | 7.8 | 0.01% | 2026-02-16 | 2026-02-26 |
| CVE-2026-1334 | An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | [email protected] | 7.8 | 0.01% | 2026-02-16 | 2026-02-26 |
| CVE-2026-1333 | A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file. | [email protected] | 7.8 | 0.01% | 2026-02-16 | 2026-02-26 |
| CVE-2025-12956 | A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.02% | 2025-12-08 | 2026-01-12 |
| CVE-2025-10554 | A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.02% | 2025-11-24 | 2026-01-12 |
| CVE-2025-10558 | A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.02% | 2025-10-13 | 2025-12-04 |
| CVE-2025-10557 | A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.02% | 2025-10-13 | 2025-10-21 |
| CVE-2025-10556 | A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.02% | 2025-10-13 | 2025-10-21 |
| CVE-2025-10552 | A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.02% | 2025-10-13 | 2025-12-04 |
| CVE-2025-6205 KEV | A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application. | [email protected] | 9.1 | 82.80% | 2025-08-04 | 2025-10-29 |
| CVE-2025-6204 KEV | An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code. | [email protected] | 8.0 | 10.18% | 2025-08-04 | 2025-10-29 |
| CVE-2025-5086 KEV | A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. | [email protected] | 9.0 | 41.39% | 2025-06-02 | 2025-10-29 |
| CVE-2025-0833 | A stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.27% | 2025-03-17 | 2025-10-22 |
| CVE-2025-0832 | A stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.27% | 2025-03-17 | 2025-10-22 |
| CVE-2025-0830 | A stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.27% | 2025-03-17 | 2025-10-22 |
| CVE-2025-0829 | A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | [email protected] | 8.7 | 0.27% | 2025-03-17 | 2025-10-22 |