CVE Alert: CVE-2025-6204 – Dassault Systèmes – DELMIA Apriso

CVE-2025-6204

HIGH · Exploitation active

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

CVSS v3.1 base score 8.0 (High)
AV NETWORK · AC HIGH · PR HIGH · UI NONE · S CHANGED · C HIGH · I HIGH · A HIGH
Vendor
Dassault Systèmes
Product
DELMIA Apriso
Versions
Release 2020 Golden through Release 2020 SP4 | Release 2021 Golden through Release 2021 SP3 | Release 2022 Golden through Release 2022 SP3 | Release 2023 Golden through Release 2023 SP3 | Release 2024 Golden through Release 2024 SP1 | Release 2025 Golden through Release 2025 SP1
CWE
CWE-94 Improper Control of Generation of Code ('Code Injection')
Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Published
2025-08-04T09:14:08.343Z
Updated
2025-10-28T03:56:03.666Z

AI Summary Analysis

Risk verdict

High severity (CVSS 8.0) and actively exploited; treat as priority 1. The outcome is remote code execution on the Apriso server, tempered only by the fact that the attacker must already hold high privileges (PR:H) on the application.

Why this matters

An attacker who has obtained Apriso administrator credentials (for example through phishing, credential reuse, or a prior foothold on the network) could remotely inject code that the server then generates and executes, compromising the MES environment. The impact is full loss of confidentiality, integrity and availability (C:H/I:H/A:H), with potential production disruption and data exposure across the organisation's manufacturing footprint.

Most likely attack path

Exploitation is network-based (AV:N), requires high privileges (PR:H) and no user interaction (UI:N), and is rated high complexity (AC:H). An adversary with administrator access to Apriso could supply attacker-controlled input to the code-generation path so that the server builds and executes an arbitrary payload. The changed scope (S:C) means the impact is not confined to the vulnerable component: code running on the Apriso host can reach the underlying operating system and the ERP, SCADA and database systems it integrates with, enabling lateral movement.

Who is most exposed

On-premises or hybrid DELMIA Apriso deployments with admin interfaces reachable from the corporate network (or the internet) are most at risk; those with central servers shared across sites and integrations to ERP/SCADA networks face the greatest blast radius, because a single compromised server can affect every connected plant.

Detection ideas

  • Unauthorised or anomalous code-generation activity on the Apriso server.
  • New or modified binaries/scripts in the code-generation path.
  • Privilege escalation attempts or unusual admin activity around MES services.
  • Unusual outbound network connections from Apriso hosts.
  • Correlated security events: admin logins followed by atypical job executions or code injections.
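The last detection idea, an admin logon followed shortly by a new executable or script appearing under the Apriso install tree, can be implemented as a simple correlation over host logs. The following is an added example written for this page, not code from Dassault Systèmes or from any detection product. Windows Security event 4624 (logon) and Sysmon event 11 (FileCreate) are real event IDs; the administrator account names, the Apriso install and web-root paths, and the pipe-delimited log format are constructed assumptions and should be replaced with values from your own environment.

```python
"""Correlate admin logons with new executable/script files on Apriso hosts.

Added example for the detection ideas above; not vendor code. Event IDs are
real (4624 = Windows logon, 11 = Sysmon FileCreate); admin principals, install
paths and the log line format are assumptions constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed: accounts that hold Apriso administrator rights.
ADMIN_ACCOUNTS = {r"CORP\apriso-admin", r"CORP\mes-svc"}
# Assumed: directories where Apriso keeps generated code and web content.
WATCHED_ROOTS = [PureWindowsPath(r"C:\Program Files\Apriso"),
                 PureWindowsPath(r"C:\inetpub\wwwroot\Apriso")]
# Extensions that, when newly written under WATCHED_ROOTS, warrant a look.
SUSPICIOUS_EXT = {".dll", ".exe", ".aspx", ".ashx", ".ps1", ".bat", ".vbs", ".cs"}
WINDOW = timedelta(minutes=15)   # admin logon -> file write correlation window

LOGON, FILE_CREATE = 4624, 11


@dataclass
class Event:
    ts: datetime
    event_id: int
    user: str
    host: str
    path: str = ""


@dataclass
class Alert:
    host: str
    admin_user: str
    logon_ts: datetime
    path: str
    file_ts: datetime


# Constructed sample log, one event per line: ts|event_id|user|host|path
SAMPLE_LOG = r"""
2025-08-05T10:02:11|4624|CORP\apriso-admin|MES01|
2025-08-05T10:03:05|11|CORP\apriso-admin|MES01|C:\ProgramData\Apriso\Logs\app.log
2025-08-05T10:09:40|11|IIS APPPOOL\Apriso|MES01|C:\Program Files\Apriso\Bin\Updater.dll
2025-08-05T14:30:00|11|IIS APPPOOL\Apriso|MES02|C:\inetpub\wwwroot\Apriso\cmd.aspx
2025-08-05T15:00:00|4624|CORP\operator1|MES02|
"""


def parse_events(text: str) -> list[Event]:
    """Parse the constructed pipe-delimited format into time-ordered events."""
    events = []
    for line in text.strip().splitlines():
        ts, eid, user, host, path = line.split("|", 4)
        events.append(Event(datetime.fromisoformat(ts), int(eid), user, host, path))
    return sorted(events, key=lambda e: e.ts)


def is_suspicious_file(path: str) -> bool:
    """True for an executable/script extension written under a watched root."""
    p = PureWindowsPath(path)   # case-insensitive comparison, like NTFS
    return p.suffix.lower() in SUSPICIOUS_EXT and any(root in p.parents for root in WATCHED_ROOTS)


def new_binaries(events: list[Event]) -> list[Event]:
    """Detection idea 2: any new binary or script in the Apriso tree."""
    return [e for e in events if e.event_id == FILE_CREATE and is_suspicious_file(e.path)]


def correlate(events: list[Event]) -> list[Alert]:
    """Detection idea 5: new binary on a host within WINDOW after an admin logon.

    The join is on host and time, not user: the file is written by the IIS
    worker process, not by the administrator's own logon session.
    """
    logons = [e for e in events if e.event_id == LOGON and e.user in ADMIN_ACCOUNTS]
    alerts = []
    for f in new_binaries(events):
        for l in logons:
            if l.host == f.host and timedelta(0) <= f.ts - l.ts <= WINDOW:
                alerts.append(Alert(f.host, l.user, l.ts, f.path, f.ts))
                break
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_LOG)):
        print(f"[{a.host}] {a.admin_user} logged on at {a.logon_ts:%H:%M:%S}; "
              f"new file {a.path} at {a.file_ts:%H:%M:%S}")
```

On the constructed sample this flags `Updater.dll` on MES01 (written seven minutes after an administrator logon) and ignores the `.log` file; the web shell-like `cmd.aspx` on MES02 is returned by `new_binaries` but not by `correlate`, which is why both checks belong in production: the unconditional file-creation rule catches writes that do not follow an interactive admin logon, while the correlated rule gives the higher-fidelity signal.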

Mitigation and prioritisation

  • Apply vendor patch/update to the latest supported release; verify in staging before production.
  • Enforce least-privilege access, MFA for admins, and restrict network exposure to Apriso endpoints; implement network segmentation.
  • Strengthen monitoring: enable detailed logging for code-generation components, deploy EDR/whitelisting, and alert on anomalous code-generation activity.
  • Review and harden change-management processes; schedule patch window and coordinate with IT/OT teams.
  • Treat as priority 1 given KEV/exploitation activity and high-severity CVSS context.
