The Cybersecurity and Infrastructure Security Agency (CISA) has added two Dassault Systèmes DELMIA Apriso vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild.
The flaws—CVE-2025-6204 and CVE-2025-6205—affect DELMIA Apriso releases from 2020 through 2025 and could allow attackers to execute arbitrary code or gain unauthorized privileged access to manufacturing management environments.
The first flaw, CVE-2025-6204, carries a CVSS score of 8.0 (High) and is classed as improper control of code generation, that is, code injection (CWE-94).
According to Dassault Systèmes’ own security bulletin, “An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.”
Because a code injection flaw lets attacker-supplied input be treated as code rather than data, a successful exploit could lead to data manipulation, compromise of the Apriso host itself, or lateral movement into the manufacturing systems connected to it.
The second vulnerability, CVE-2025-6205, is rated Critical (CVSS 9.1) and is a missing authorization flaw (CWE-862) that could let an attacker gain privileged access to the DELMIA Apriso application layer.
The vendor’s advisory explains, “A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.”
Missing authorization means a privileged operation is exposed without the server verifying that the caller is entitled to it, so an attacker who can reach the affected endpoints or API routes could perform administrative actions such as modifying configuration, extracting sensitive manufacturing data, or disabling security policies.
Given DELMIA Apriso’s deep integration into manufacturing execution system (MES) and product lifecycle management (PLM) infrastructures, successful exploitation could disrupt production workflows or expose proprietary industrial process data.
CISA warned that these vulnerabilities “pose significant risk to the federal enterprise” and, under Binding Operational Directive 22-01, directed all Federal Civilian Executive Branch (FCEB) agencies to apply the vendor’s mitigations or patches no later than November 18, 2025.
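The practical follow-up for any organization, federal or not, is to cross-reference new KEV entries against its own asset inventory and track the remediation deadline. The script below is an added example, not code from CISA or Dassault Systèmes. It parses a constructed sample in the shape of CISA’s known_exploited_vulnerabilities.json feed (the field names match the real feed; the dateAdded values and shortDescription text are assumed, the dueDate is the one stated above) and reports which inventory hosts are affected and how many days remain. The inventory entries and hostnames are placeholders.

```python
"""Cross-reference a KEV-format feed against an asset inventory.

Added example. SAMPLE_KEV_JSON is a constructed sample in the shape of
CISA's known_exploited_vulnerabilities.json feed: field names match the
real feed, dateAdded and shortDescription are assumed placeholder values.
"""
import json
from datetime import date

SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {
      "cveID": "CVE-2025-6204",
      "vendorProject": "Dassault Systèmes",
      "product": "DELMIA Apriso",
      "vulnerabilityName": "Dassault Systèmes DELMIA Apriso Code Injection Vulnerability",
      "dateAdded": "2025-10-28",
      "shortDescription": "Code injection (assumed placeholder text).",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2025-11-18",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-2025-6205",
      "vendorProject": "Dassault Systèmes",
      "product": "DELMIA Apriso",
      "vulnerabilityName": "Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability",
      "dateAdded": "2025-10-28",
      "shortDescription": "Missing authorization (assumed placeholder text).",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2025-11-18",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
"""

# Constructed inventory: hostnames and the second vendor/product are placeholders.
INVENTORY = [
    {"host": "mes-app-01", "vendor": "Dassault Systèmes", "product": "DELMIA Apriso"},
    {"host": "erp-db-01", "vendor": "Example Corp", "product": "Example ERP"},
]


def _norm(s):
    """Case- and whitespace-insensitive key for vendor/product comparison."""
    return " ".join(s.lower().split())


def load_kev(text):
    """Parse a KEV-format feed and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def match_inventory(entries, inventory):
    """Return (host, entry) pairs where vendor and product both match."""
    matches = []
    for asset in inventory:
        for entry in entries:
            if (_norm(entry["vendorProject"]) == _norm(asset["vendor"])
                    and _norm(entry["product"]) == _norm(asset["product"])):
                matches.append((asset["host"], entry))
    return matches


def days_remaining(entry, today):
    """Days until the entry's dueDate; negative once the deadline has passed."""
    return (date.fromisoformat(entry["dueDate"]) - today).days


def remediation_report(kev_text, inventory, today):
    """Build a per-host, per-CVE list of deadlines, soonest first."""
    report = []
    for host, entry in match_inventory(load_kev(kev_text), inventory):
        left = days_remaining(entry, today)
        report.append({
            "host": host,
            "cve": entry["cveID"],
            "due": entry["dueDate"],
            "days_left": left,
            "overdue": left < 0,
        })
    report.sort(key=lambda r: (r["days_left"], r["cve"]))
    return report


if __name__ == "__main__":
    for row in remediation_report(SAMPLE_KEV_JSON, INVENTORY, date.today()):
        flag = "OVERDUE" if row["overdue"] else f"{row['days_left']}d left"
        print(f"{row['host']}: {row['cve']} due {row['due']} ({flag})")
```

Against the real feed, replace SAMPLE_KEV_JSON with the downloaded catalog and INVENTORY with a CMDB export; the matching is deliberately on vendor and product rather than CVE ID, so a new Apriso entry surfaces without the script being updated.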