cbcvebase.
CVE-2025-9976
published 2025-10-13

CVE-2025-9976: An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE…

PriorityP261critical9CVSS 3.1
AVNACLPRLUIRSCCHIHAH
EPSS
0.94%
56.4th percentile
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.

Affected

4 ranges
VendorProductVersion rangeFixed in
dassault_syst_messtation_launcher_app_in_3dexperience_platformRelease 3DEXPERIENCE R2022x Golden – Release 3DEXPERIENCE R2022x.FP.CFA.2540
dassault_syst_messtation_launcher_app_in_3dexperience_platformRelease 3DEXPERIENCE R2023x Golden – Release 3DEXPERIENCE R2023x.FP.CFA.2532
dassault_syst_messtation_launcher_app_in_3dexperience_platformRelease 3DEXPERIENCE R2024x Golden – Release 3DEXPERIENCE R2024x.FP.CFA.2537
dassault_syst_messtation_launcher_app_in_3dexperience_platformRelease 3DEXPERIENCE R2025x Golden – Release 3DEXPERIENCE R2025x.FP.CFA.2532
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.