CISA Warns of Active Exploitation in Dassault’s DELMIA Apriso Software; Urges Immediate Patching

Critical Vulnerabilities in Dassault Systèmes’ DELMIA Apriso Under Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has recently identified and added two critical vulnerabilities in Dassault Systèmes’ DELMIA Apriso software to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities are currently being actively exploited by malicious actors, posing significant threats to manufacturing operations worldwide.

Overview of DELMIA Apriso

DELMIA Apriso is a comprehensive Manufacturing Operations Management (MOM) platform utilized by industries such as automotive, aerospace, electronics, and industrial machinery. It facilitates real-time monitoring and management of production activities, ensuring operational efficiency and adaptability to market changes.

Details of the Vulnerabilities

The first vulnerability, designated as CVE-2025-6204, is a code injection flaw (CWE-94) that allows attackers to execute arbitrary code on affected systems. This vulnerability affects DELMIA Apriso versions from Release 2020 through Release 2025. Exploitation of this flaw can lead to unauthorized command execution, potentially resulting in full system compromise.

The second vulnerability, CVE-2025-6205, involves missing authorization controls (CWE-862). This security gap permits attackers to bypass authentication mechanisms and gain elevated privileges within the application without proper credentials. Like the first, this vulnerability also affects DELMIA Apriso versions from Release 2020 through Release 2025.

Implications of Exploitation

When chained, these two vulnerabilities form a complete attack path: the missing authorization check provides a foothold without valid credentials, and the code injection flaw turns that foothold into arbitrary code execution. Threat actors can then infiltrate manufacturing environments, manipulate production data, or deploy ransomware across industrial networks. Such breaches can disrupt production workflows, compromise sensitive data, and lead to significant financial and reputational damage.

CISA’s Response and Recommendations

CISA’s inclusion of these vulnerabilities in the KEV catalog indicates confirmed exploitation in active attack campaigns. The agency has mandated that federal civilian executive branch agencies apply vendor-supplied patches or mitigations by November 18, 2025. Organizations using cloud-based deployments are advised to follow Binding Operational Directive 22-01 guidance, which addresses security requirements for cloud services. If patches cannot be applied immediately, discontinuing the use of the affected product is recommended until secure configurations are implemented.

Steps for Organizations

Organizations utilizing DELMIA Apriso should:

1. Apply Patches Promptly: Implement the latest security updates provided by Dassault Systèmes to address these vulnerabilities.

2. Monitor Systems: Review access logs for any unusual activity that may indicate exploitation attempts.

3. Enhance Security Measures: Implement network segmentation to isolate manufacturing systems and monitor for unauthorized code execution or privilege escalation attempts.

4. Educate Staff: Train employees on recognizing phishing attempts and other common attack vectors to prevent initial compromise.
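As an added example (not part of the CISA advisory or Dassault's own tooling), the patch-tracking step above can be automated against CISA's KEV catalog, which is published as JSON with the field names used below. The sample feed is constructed for this illustration: the two DELMIA Apriso entries carry only the values stated in this article, and the third entry is a made-up filler to show that unrelated products are ignored.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed (real field names, illustrative values).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-6204", "vendorProject": "Dassault Systèmes",
         "product": "DELMIA Apriso", "dueDate": "2025-11-18", "cwes": ["CWE-94"]},
        {"cveID": "CVE-2025-6205", "vendorProject": "Dassault Systèmes",
         "product": "DELMIA Apriso", "dueDate": "2025-11-18", "cwes": ["CWE-862"]},
        # Filler entry: a placeholder CVE for a product not in our inventory.
        {"cveID": "CVE-0000-0000", "vendorProject": "ExampleVendor",
         "product": "Unrelated Product", "dueDate": "2025-10-01", "cwes": []},
    ],
})


def kev_matches(kev_json: str, inventory: list[str], today: date) -> list[dict]:
    """Cross-check a software inventory against a KEV feed.

    inventory: product names deployed in the environment (matched case-insensitively
    against the KEV 'product' and 'vendorProject' fields). Returns one record per
    matching KEV entry with the days remaining until CISA's due date; a negative
    value means the remediation deadline has already passed.
    """
    catalog = json.loads(kev_json)
    wanted = [name.lower() for name in inventory]
    findings = []
    for entry in catalog["vulnerabilities"]:
        haystack = f"{entry.get('vendorProject', '')} {entry.get('product', '')}".lower()
        if not any(name in haystack for name in wanted):
            continue
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        findings.append({
            "cve": entry["cveID"],
            "product": entry.get("product", ""),
            "cwes": entry.get("cwes", []),
            "days_until_due": days_left,
            "overdue": days_left < 0,
        })
    # Most urgent first, so overdue items surface at the top of a ticket or report.
    return sorted(findings, key=lambda f: f["days_until_due"])


if __name__ == "__main__":
    for f in kev_matches(SAMPLE_KEV_JSON, ["DELMIA Apriso"], date.today()):
        print(f)
```

In practice the feed is fetched from CISA's published KEV JSON URL and the inventory comes from a CMDB export; the matching logic is unchanged.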

Conclusion

The active exploitation of these vulnerabilities underscores the critical need for immediate action. Manufacturing organizations must prioritize patching and implementing robust security measures to protect their operations from potential cyber threats.