Full Report
The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. [...]
Analysis Summary
# Vulnerability: Active Exploitation of Flaws in Dassault Systèmes DELMIA Apriso
## CVE Details
- CVE ID: CVE-2025-6205, CVE-2025-6204
- CVSS Score: Critical (for CVE-2025-6205, implied by description), High (for CVE-2025-6204, implied by description)
- CWE: Missing Authorization (CVE-2025-6205), Code Injection (CVE-2025-6204)
## Affected Systems
- Products: Dassault Systèmes DELMIA Apriso (Manufacturing Operations Management/Execution solution)
- Versions: Release 2020 through Release 2025
- Configurations: Unspecified, but likely default installations prior to patching.
## Vulnerability Description
**CVE-2025-6205 (Critical):** A missing authorization vulnerability that allows unauthenticated threat actors to remotely gain privileged access to an unpatched application.
**CVE-2025-6204 (High):** A code injection vulnerability that allows attackers who already possess high privileges to execute arbitrary code on vulnerable systems.
## Exploitation
- Status: Exploited in the wild (Both vulnerabilities added to CISA KEV Catalog)
- Complexity: Low (for CVE-2025-6205, allowing unauthenticated remote access)
- Attack Vector: Network (Implied by remote, unauthenticated access possibility for CVE-2025-6205)
## Impact
- Confidentiality: High (Implied, given potential for privileged access)
- Integrity: High (Implied, especially via code execution from CVE-2025-6204)
- Availability: High (Implied, due to successful code execution capabilities)
## Remediation
### Patches
- Dassault Systèmes released patches for both flaws in early August 2025.
- **Action Required:** Apply vendor-supplied updates corresponding to DELMIA Apriso Release 2020 through Release 2025.
### Workarounds
- Apply mitigations as instructed by the vendor.
- If vendor mitigations are unavailable, discontinue use of the product.
## Detection
- **Indicators of Compromise (IOC):** Not explicitly detailed in the text, but monitoring for suspicious network activity targeting the DELMIA Apriso application layer and unauthorized privileged account usage is recommended.
- **Detection Methods and Tools:** Focus monitoring efforts on communication associated with the vulnerable product versions, particularly looking for attempts to exploit authorization checks or inject commands remotely.
## References
- Vendor Advisory (CVE-2025-6204): hxxps://www3ds.com/trust-center/security/security-advisories/cve-2025-6204
- Vendor Advisory (CVE-2025-6205): hxxps://www3ds.com/trust-center/security/security-advisories/cve-2025-6205
- CISA KEV Catalog Notification: hxxps://www.cisa.gov/news-events/alerts/2025/10/28/cisa-adds-two-known-exploited-vulnerabilities-catalog