{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10559", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2025-09-16T12:56:50.206Z", "datePublished": "2026-03-31T08:41:43.180Z", "dateUpdated": "2026-03-31T18:04:37.440Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2026-03-31T08:41:43.180Z"}, "title": "Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "DELMIA Factory Resource Manager", "versions": [{"status": "affected", "version": "Release 3DEXPERIENCE R2023x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2541", "versionType": "custom"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2024x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2537", "versionType": "custom"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2025x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2025x.FP.CFA.2514", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server."}]}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10559"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T15:03:55.267937Z", "id": "CVE-2025-10559", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T18:04:37.440Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10559", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T15:03:55.267937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T15:04:14.260Z"}}], "cna": {"title": "Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "DELMIA Factory Resource Manager", "versions": [{"status": "affected", "version": "Release 3DEXPERIENCE R2023x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2541"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2024x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2537"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2025x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2025x.FP.CFA.2514"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10559"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.", "supportingMedia": [{"type": "text/html", "value": "A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2026-03-31T08:41:43.180Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10559", "state": "PUBLISHED", "dateUpdated": "2026-03-31T18:04:37.440Z", "dateReserved": "2025-09-16T12:56:50.206Z", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "datePublished": "2026-03-31T08:41:43.180Z", "assignerShortName": "3DS"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:3ds:3dexperience:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D800681-01F0-43E4-9525-BE188167D292", "versionEndIncluding": "r2025x", "versionStartIncluding": "r2023x", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta que afecta a la Gesti\u00f3n de Recursos de F\u00e1brica en DELMIA Factory Resource Manager desde la versi\u00f3n 3DEXPERIENCE R2023x hasta la versi\u00f3n 3DEXPERIENCE R2025x permite a un atacante leer o escribir archivos en directorios espec\u00edficos en el servidor."}], "id": "CVE-2025-10559", "lastModified": "2026-04-06T15:17:19.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-31T09:16:21.970", "references": [{"source": "3DS.Information-Security@3ds.com", "tags": ["Vendor Advisory"], "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10559"}], "sourceIdentifier": "3DS.Information-Security@3ds.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[Release 3DEXPERIENCE R2023x Golden,Release 3DEXPERIENCE R2023x.FP.CFA.2541]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[Release 3DEXPERIENCE R2024x Golden,Release 3DEXPERIENCE R2024x.FP.CFA.2537]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[Release 3DEXPERIENCE R2025x Golden,Release 3DEXPERIENCE R2025x.FP.CFA.2514]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "DELMIA Factory Resource Manager", "source": "cna", "vendor": "Dassault Syst\u00e8mes"}, "product": "delmia_factory_resource_manager", "vendor": "dassault_syst\u00e8mes"}], "analysis": {"en": {"generated_at": "2026-03-31T10:51:08.788084+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011provided patch or upgrade to a version released after 3DEXPERIENCE\u00a0R2025x", "If a patch is not yet available, restrict network access to the application by configuring firewalls or reverse proxies to limit exposure to trusted IP ranges", "Monitor vendor advisories and security patches for updates relating to the path traversal flaw"], "summary": {"action": "Apply Patch", "impact": "Read/Write Sensitive Files"}, "threat_synthesis": {"affected_systems": "This vulnerability affects all releases of DELMIA Factory Resource Manager from 3DEXPERIENCE\u00a0R2023x through 3DEXPERIENCE\u00a0R2025x. The affected components are those that handle user\u2011supplied file paths within the factory\u2011resource\u2011management modules; affected directories are limited to those explicitly permitted by the application but are not enumerated in the advisory.", "description_and_impact": "A path traversal flaw in Dassault\u202fSyst\u00e8mes DELMIA Factory Resource Manager permits an attacker to access and modify files located in specific directories on the server. The vulnerability enables the disclosure or alteration of confidential data, configuration files or other assets, raising concerns for both confidentiality and integrity. It is classified as CWE\u201122, which describes unauthorized directory traversal leading to arbitrary file access.", "risk_and_exploitability": "The CVSS score of 7.1 indicates moderate severity. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog, suggesting no widely known exploits yet. The likely attack route is remote; an attacker would send crafted requests to the web or API interface that accepts file path parameters, requiring network reachability to the server but no additional user interaction. Successful exploitation would allow reading or writing of files within the allowed directories, potentially facilitating data exfiltration or configuration tampering."}}}}, "created": "2026-03-31T19:56:01.318352+00:00", "updated": "2026-03-31T20:39:22.178170+00:00", "vendors": ["dassault_syst\u00e8mes", "dassault_syst\u00e8mes$PRODUCT$delmia_factory_resource_manager"]}