CVE-2025-6204

high

Description

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

References

Exploits
More

https://www.securityweek.com/cisa-warns-of-exploited-delmia-factory-software-vulnerabilities/

https://www.cisa.gov/news-events/alerts/2025/10/28/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html

https://securityaffairs.com/183990/security/u-s-cisa-adds-dassault-systemes-delmia-apriso-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.databreachtoday.com/delmia-apriso-systems-under-attack-a-29871

https://www.bleepingcomputer.com/news/security/cisa-warns-of-two-more-actively-exploited-dassault-vulnerabilities/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204

Details

Source: Mitre, NVD

Published: 2025-08-04

Updated: 2025-10-29

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:H/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00072

Detections

Analytics