CVE-2025-10559: High Vulnerability in 3ds 3DEXPERIENCE

CVE-2025-10559 is a high-severity path traversal vulnerability affecting the Factory Resource Management component in DELMIA Factory Resource Manager. This vulnerability allows attackers to read or write files in specific directories on the server, which can lead to significant data exposure or manipulation. The CVSS score for this vulnerability is 7.1, indicating a high level of risk that organizations must address promptly.

The risk to organizations includes unauthorized access to sensitive files, which could compromise system integrity and confidentiality. Given that this vulnerability has been assigned a CVSS score of 9.1 by the NVD, it highlights the critical nature of the threat posed. The urgency for defenders is paramount, as attackers may exploit this vulnerability in environments running affected versions of 3DEXPERIENCE.

Currently, there is no public exploit confirmed for this vulnerability, and it is not listed in the Known Exploited Vulnerabilities (KEV) catalog. Nonetheless, organizations should treat it as a potential target, especially given the nature of the vulnerability and its impact on confidentiality and integrity.

Organizations should prioritize patching immediately to mitigate the risks associated with CVE-2025-10559. Ensuring all instances of DELMIA Factory Resource Manager are updated to the latest versions can significantly reduce the attack surface.

Vulnerability Details

The official description of CVE-2025-10559 states that it is a path traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x. This vulnerability allows an attacker to read or write files in specific directories on the server.

The vulnerability is classified under CWE-22, which pertains to improper limitation of a pathname to a restricted directory. The CVSS score for this vulnerability is 7.1, with a high severity classification. The attack vector is network-based, indicating that it can be exploited remotely, and the attack complexity is low, as no specific privileges or user interaction are required.

The affected product is 3DEXPERIENCE, with versions ranging from R2023x to R2025x being vulnerable. It is crucial for organizations utilizing these versions to assess their risk and implement appropriate mitigations.

Technical Analysis

The root cause of CVE-2025-10559 stems from inadequate input validation, allowing attackers to manipulate file paths and access unauthorized directories. The attack vector is network-based, meaning that exploitation can occur without needing physical access to the targeted system.

The attack complexity is categorized as low, as attackers can exploit the vulnerability without any special privileges or user interaction. This means that even low-skilled attackers can leverage the vulnerability to gain access to sensitive server files.

The impacts of successful exploitation are significant, with high confidentiality impact due to the potential exposure of sensitive files. Integrity impact is considered low, as the primary concern is unauthorized access rather than manipulation of data. Availability impact is negligible, as the vulnerability does not affect system availability.

Risk & Impact Analysis

The deployment of this vulnerability poses a considerable risk to organizations using the affected versions of 3DEXPERIENCE. The ability for attackers to read or write files on the server could lead to unauthorized access to sensitive information, resulting in potential data breaches and compliance violations.

Organizations must consider the potential blast radius of this vulnerability. Given that it affects a widely used application like DELMIA Factory Resource Manager, the implications of a successful attack could extend beyond individual systems to impact overall organizational security posture.

With a CVSS score of 9.1 from the NVD, the urgency for organizations to remediate this vulnerability is high. Failure to act could result in significant exposure to attacks, compromising not only data integrity but also organizational reputation.

Affected Versions

The affected versions include all releases of DELMIA Factory Resource Manager from 3DEXPERIENCE R2023x through R2025x. Organizations running these versions are at risk and should take immediate action.

Mitigation & Remediation

Organizations should upgrade to the latest versions of DELMIA Factory Resource Manager to mitigate this vulnerability. If a patch is unavailable, implementing strict input validation and access controls can help reduce the risk of exploitation. Further, organizations should consider penetration testing to identify any potential security weaknesses.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual file access requests, particularly attempts to access sensitive directories. Behavioral anomalies, such as unexpected changes in file permissions or content, should also be investigated.

AppSecure Threat Intelligence Insight

CVE-2025-10559 highlights the ongoing challenges in securing applications against path traversal vulnerabilities. Security teams should recognize the importance of implementing robust security controls and regular security assessments to identify and remediate such vulnerabilities promptly.

The trend of increasing vulnerabilities related to file access indicates a need for improved security practices. Organizations should prioritize the development of secure coding practices to prevent similar vulnerabilities from arising in the future.

For further insights and guidance on vulnerabilities, organizations can refer to our resources on vulnerability management programs and best practices in application security.

Organizations are encouraged to stay informed on emerging threats and vulnerabilities to maintain a strong security posture.