The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes’ DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution.
The first one (CVE-2025-6205) is a critical-severity missing authorization security flaw that can allow unauthenticated threat actors to remotely gain privileged access to an unpatched application, while the second (CVE-2025-6204) is a high-severity code injection vulnerability that lets attackers with high privileges execute arbitrary code on vulnerable systems.
French company Dassault Systèmes patched the two flaws in early August 2025, when it also confirmed they affect DELMIA Apriso from Release 2020 through Release 2025.
Today, CISA flagged the two vulnerabilities as exploited in the wild and added them to its Known Exploited Vulnerabilities (KEV) Catalog.
As mandated by the Binding Operational Directive (BOD) 22-01, issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies must secure their networks within three weeks, by November 18.
While this only applies to U.S. government agencies, CISA urged all IT admins and network defenders to prioritize patching the flaws as soon as possible.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency said. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”
CISA also added a critical DELMIA Apriso remote code execution flaw (CVE-2025-5086) to its catalog of actively exploited vulnerabilities in September, one week after threat researcher Johannes Ullrich detected the first signs of exploitation.
DELMIA Apriso is used by enterprises worldwide to manage warehouses, schedule production, allocate resources, manage quality, and integrate production equipment with various business applications.
This solution is typically deployed in automotive, electronics, aerospace, and industrial machinery divisions, where traceability, compliance, and a high level of quality control and process standardization are critical.
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
