Threat actors are actively exploiting two vulnerabilities impacting Dassault Systèmes’ manufacturing execution and operations orchestration platform, DELMIA Apriso, warns CISA.
The two vulnerabilities are being tracked as CVE-2025-6204 (CVSS score of 8.0) and CVE-2025-6205 (CVSS score of 9.1). Classified as High severity and Critical respectively, they affect the manufacturing software from release 2020 through 2025.
CVE-2025-6204 is a code injection flaw that enables attackers to execute arbitrary code, while CVE-2025-6205 is a missing authorization flaw that provides attackers with privileged access to the application.
Dassault Systèmes released patches for the two flaws in early August, but CISA has since added them to its KEV Catalog after reports of threat actors exploiting them in the wild.
According to researchers at ProjectDiscovery, threat actors have been observed stringing the two flaws together to create an exploit chain, which they can leverage to create accounts with elevated privileges and then remotely drop executable files into a web-served directory. This enables the attackers to take complete control of the DELMIA Apriso application.
“The unauthenticated account creation gives an attacker credentials, and those credentials are then used to authenticate and abuse the file upload to drop a web shell,” the researchers explained.
“Together these flaws create a low-effort, high-impact path to full application compromise and lateral movement, placing organizations that rely on Apriso at substantial risk if left unmitigated.”
Urgent Remediation Required
As mandated by Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate the DELMIA Apriso vulnerabilities by November 18th.
However, both CISA and the ProjectDiscovery research team are urging all organizations using the DELMIA Apriso software to apply the necessary updates as soon as possible.
ProjectDiscovery also recommends that Apriso users review their user lists for any newly created privileged accounts and scan upload directories for unexpected web shells or similar executables.
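The two checks recommended above, as an added example rather than anything from CISA, ProjectDiscovery or Dassault Systèmes: the risky extensions, the privileged role names, the account-record shape and the sample directory are all assumptions, since the page states none of them.

```python
import os
import tempfile
import time
from pathlib import Path

# Extensions that should not appear in a web-served upload area; assumed set,
# since the advisory names none and the page does not state Apriso's web stack.
RISKY_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp", ".exe", ".dll", ".ps1"}
# Role names treated as privileged; assumed, Apriso's own role names are not on the page.
PRIVILEGED_ROLES = {"admin", "administrator", "superuser"}
# Constructed account export for a dry run (not real Apriso data).
SAMPLE_ACCOUNTS = [
    {"name": "svc_mes", "created": 1_690_000_000, "roles": ["Operator"]},
    {"name": "maint01", "created": 1_760_000_000, "roles": ["Administrator"]},
]

def cutoff(days=7):
    """Unix timestamp `days` ago: use the last point the system was known clean."""
    return time.time() - days * 86400

def find_suspicious_uploads(upload_dir, since, extensions=RISKY_EXTENSIONS):
    """Names of files under upload_dir with a risky extension modified at or after `since`.
    mtime is only a first filter (an intruder can reset it): any risky extension in an
    upload area deserves a manual look even when it falls outside the window."""
    hits = []
    for root, _dirs, files in os.walk(upload_dir, followlinks=False):
        for name in files:
            path = Path(root) / name
            if path.suffix.lower() in extensions and path.lstat().st_mtime >= since:
                hits.append(name)
    return sorted(hits)

def new_privileged_accounts(accounts, since):
    """Names of privileged accounts created at or after `since`, i.e. what the
    account-creation step of the chain would leave behind. Assumed record shape:
    {'name': str, 'created': unix_ts, 'roles': [str]}."""
    return sorted(a["name"] for a in accounts
                  if a["created"] >= since
                  and PRIVILEGED_ROLES & {r.lower() for r in a["roles"]})

def build_sample_upload_dir():
    """Constructed upload directory: two month-old files (one a legitimate DLL) and
    two fresh ones, of which only the .aspx is a script dropped where data belongs."""
    base = Path(tempfile.mkdtemp(prefix="apriso-uploads-"))
    month_ago = time.time() - 30 * 86400
    for name, mtime in (("report.pdf", month_ago), ("legacy.dll", month_ago),
                        ("image.png", None), ("cmd.aspx", None)):
        (base / name).write_text("sample")
        if mtime is not None:
            os.utime(base / name, (mtime, mtime))
    return base
```

Run against the real upload directory and an export of the application's user list, with `since` set to the last known-clean point before the August patch window.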