CVE-2025-10559

A path traversal vulnerability has been identified in the Factory Resource Management component of DELMIA Factory Resource Manager, affecting releases from 3DEXPERIENCE R2023x through R2025x [1]. The root cause is insufficient validation of user-supplied file path inputs, enabling an attacker to traverse outside the intended directory.

Exploitation requires authenticated access to the application. By manipulating file path parameters, an attacker can navigate to arbitrary directories on the server, bypassing access controls. The attack surface is limited to the Factory Resource Manager module, but no special privileges beyond standard user authentication are needed [1].

Successful exploitation allows an attacker to read sensitive files, such as configuration data or application logs, or write arbitrary files to specific directories. This could lead to further compromise of the server, including potential remote code execution if writable paths are leveraged [1].

Dassault Systèmes has published a security advisory detailing the vulnerability. Users are advised to apply the recommended patches or mitigations provided by the vendor. No evidence of active exploitation in the wild has been reported at the time of publication [1].