CISA has issued a warning about active exploitation of two critical vulnerabilities in Dassault Systèmes’ DELMIA Apriso, software used in manufacturing operations. The flaws are a remote privilege escalation (CVE-2025-6205) and a code injection (CVE-2025-6204), prompting urgent patching efforts.
Key points
- CISA warns of active exploits targeting Dassault Systèmes DELMIA Apriso vulnerabilities.
- The vulnerabilities include a critical privilege escalation flaw and a high-severity code injection.
- Dassault Systèmes released patches in August 2025 for these issues, which affect multiple releases.
- U.S. federal agencies are mandated to patch these flaws within three weeks under BOD 22-01.
- Exploitation of a remote code execution flaw (CVE-2025-5086) was detected last month, indicating ongoing threats.