# CVE-2025-4991

Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release **3D**EXPERIENCE R2022x through Release **3D**EXPERIENCE R2025x

**Published**
2025-05-30

**Updated**
-

**Description**
A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release **3D**EXPERIENCE R2022x through Release **3D**EXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

**Affected Products**
Collaborative Industry Innovator

**Affected Versions**
From Release **3D**EXPERIENCE R2022x through Release **3D**EXPERIENCE R2025x

**Severity**
High

Go to Dassault Systèmes Security Advisories

[Security Advisories](/trust-center/security/security-advisories)

[   Go to CVE record  ](https://www.cve.org/CVERecord?id=CVE-2025-4991)

[   Access remediation information     ](https://support.3ds.com/knowledge-base/?q=docid%3AQA00000419667&_gl=1%2Avjqyhz%2A_gcl_au%2AOTY0MTUxNjA2LjE3NDQ2ODYwMDQ.%2A_ga%2ANDQ1MDUzMzQ5LjE3NDQ2ODEzMDA.%2A_ga_DYJDKXYEZ4%2AczE3NDkyMDA2NzckbzE0MiRnMCR0MTc0OTIwMDY3NyRqNjAkbDAkaDA.%2A_ga_39DKQ0LYW1%2AczE3NDkyMDA2NzckbzE0MSRnMCR0MTc0OTIwMDY3NyRqNjAkbDAkaDA.)