A code injection vulnerability in the Dassault Systèmes DELMIA Apriso manufacturing operations management platform allows arbitrary code execution. Exploitation requires high privileges but is possible over the network without user interaction.
Data Source: CIRCL
Confidence: MEDIUM
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-08-04
Added to CISA KEV: 2025-10-28
Days between CVE and KEV: 85
Here's what is known about the CVE-2025-6204 vulnerability:
For example, after using CVE-2025-6205 to create new credentials, the attacker would be able to leverage CVE-2025-6204 to upload a malicious file ...
CISA has added two new vulnerabilities to its KEV Catalog, based on evidence of active exploitation. ... CVE-2025-6204 Dassault Systèmes DELMIA ...
CVE-2025-6204 - DELMIA Apriso Code Injection Vulnerability. Description: An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to…
CVE-2025-6204. Dassault Systèmes DELMIA Apriso Code Injection Vulnerability: Dassault Systèmes DELMIA Apriso contains a code injection vulnerability that could ...
CVE-2025-6205 (CVSS score: 9.1) - A missing authorization vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to gain privileged access to the application. CVE-2025-24893 (CVSS score: 9.8) - An improper neutralization of input in a dynamic evaluation call (aka eval injectio…
CVE-2025-6204 (CVSS score: 8.0) - A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to execute arbitrary code. CVE-2025-6205 (CVSS score: 9.1) - A missing authorization vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to gain…
Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025.