Back to KEVs

CVE-2025-9976

OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x

Basic Information

CVE State: PUBLISHED
Reserved Date: September 04, 2025
Published Date: October 13, 2025
Last Updated: October 14, 2025
Vendor: Dassault Systèmes
Product: Station Launcher App in 3DEXPERIENCE platform
Description: An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.

CVSS Scores

CVSS v3.1

9.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: none
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-10-15 14:56:30 UTC) Source

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-9976

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-10-15 14:56:30 UTC

Timeline

CVE ID Reserved

September 04, 2025
CVE Published to Public

October 13, 2025
Added to KEVIntel

October 15, 2025