CISA Alerts: 2 New Dassault Flaws Under Active Attack

▼ Summary
– CISA warns that attackers are actively exploiting two vulnerabilities in Dassault Systèmes’ DELMIA Apriso manufacturing software.
– The first vulnerability (CVE-2025-6205) allows unauthenticated attackers to gain privileged access, while the second (CVE-2025-6204) enables code injection for arbitrary code execution.
– The flaws affect DELMIA Apriso Release 2020 through Release 2025; Dassault Systèmes patched them in August 2025.
– Federal agencies must secure their systems within three weeks, and all organizations are urged to prioritize patching these vulnerabilities.
– DELMIA Apriso is used globally in industries like automotive and aerospace for production management, quality control, and compliance.
A security alert from the Cybersecurity & Infrastructure Security Agency (CISA) warns that malicious actors are actively exploiting two security flaws in Dassault Systèmes’ DELMIA Apriso platform. This widely used manufacturing operations management software coordinates complex production workflows, which makes it a high-value target for intrusions.
The first vulnerability, identified as CVE-2025-6205, carries a critical severity rating. It stems from a missing authorization check, which permits unauthenticated attackers to remotely obtain privileged access to systems running an unpatched version of the application; because no credentials are needed, any unpatched instance reachable from an untrusted network is exposed. The second flaw, tracked as CVE-2025-6204, is a high-severity code injection issue. It enables attackers who already hold elevated privileges to execute arbitrary code on affected systems, potentially taking full control.
Dassault Systèmes, the French software corporation behind the product, released patches for both security gaps in early August 2025. The company confirmed the vulnerabilities impact all DELMIA Apriso versions from Release 2020 through the most recent Release 2025.
CISA has now officially added these two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, confirming that exploitation is occurring in active attacks. Under the provisions of Binding Operational Directive (BOD) 22-01, all Federal Civilian Executive Branch agencies are required to apply these patches and secure their networks within a three-week deadline, ending on November 18.
Although this mandate is legally binding only for U.S. government bodies, CISA strongly advises all organizations using the software, especially IT administrators and network defenders, to treat patching these vulnerabilities as an urgent priority.
In its advisory, the agency emphasized that “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” The guidance instructs administrators to apply vendor-provided mitigations immediately, follow BOD 22-01 guidance for any cloud-based deployments, or discontinue using the product if no mitigation is currently available.
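To act on a KEV addition like this one, a defender typically pulls the catalog feed, filters it for the products in their own inventory and works out how much of the remediation window is left. The Python script below is an added illustration of that triage step; it is not code from the Bleeping Computer report, from CISA or from Dassault Systèmes. It runs against a constructed sample written in the shape of CISA's KEV JSON feed: the field names follow the public feed, but the entry values are assembled from the article (the two CVE IDs, the vendor and product strings, and the three-week deadline ending 18 November, from which a dateAdded of 2025-10-28 is inferred), so they are assumptions rather than a copy of the real catalog entries.

```python
"""Triage KEV entries for a tracked product and report the remaining BOD 22-01 window.

Added example. The sample document below is CONSTRUCTED in the shape of CISA's
public KEV JSON feed
(https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
field names match the feed, values are filled in from the news article and are
assumptions, not copies of the real catalog entries.
"""
import json
from datetime import date, datetime

SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {
      "cveID": "CVE-2025-6205",
      "vendorProject": "Dassault Systèmes",
      "product": "DELMIA Apriso",
      "vulnerabilityName": "DELMIA Apriso Missing Authorization Vulnerability",
      "dateAdded": "2025-10-28",
      "shortDescription": "Missing authorization check lets unauthenticated attackers obtain privileged access.",
      "requiredAction": "Apply vendor mitigations, follow BOD 22-01 guidance for cloud deployments, or discontinue use if no mitigation is available.",
      "dueDate": "2025-11-18"
    },
    {
      "cveID": "CVE-2025-6204",
      "vendorProject": "Dassault Systèmes",
      "product": "DELMIA Apriso",
      "vulnerabilityName": "DELMIA Apriso Code Injection Vulnerability",
      "dateAdded": "2025-10-28",
      "shortDescription": "Code injection lets an attacker with elevated privileges execute arbitrary code.",
      "requiredAction": "Apply vendor mitigations, follow BOD 22-01 guidance for cloud deployments, or discontinue use if no mitigation is available.",
      "dueDate": "2025-11-18"
    }
  ]
}
"""


def load_kev_entries(raw_json: str) -> list[dict]:
    """Parse a KEV-format document and return its list of vulnerability entries."""
    return json.loads(raw_json)["vulnerabilities"]


def entries_for_product(entries: list[dict], vendor: str, product: str) -> list[dict]:
    """Filter entries to one vendor/product pair (case-insensitive), soonest due date first."""
    wanted = (vendor.casefold(), product.casefold())
    hits = [
        e for e in entries
        if (e["vendorProject"].casefold(), e["product"].casefold()) == wanted
    ]
    return sorted(hits, key=lambda e: (e["dueDate"], e["cveID"]))


def _iso(day: str) -> date:
    """Parse a YYYY-MM-DD string as used by the KEV feed's dateAdded/dueDate fields."""
    return datetime.strptime(day, "%Y-%m-%d").date()


def triage(raw_json: str, vendor: str, product: str, today: str) -> list[dict]:
    """Return one triage row per matching KEV entry.

    Each row carries the CVE ID, the catalog dates, the length of the remediation
    window CISA set (dueDate - dateAdded), the days left as of `today` (negative
    once the deadline has passed) and an overdue flag.
    """
    now = _iso(today)
    rows = []
    for e in entries_for_product(load_kev_entries(raw_json), vendor, product):
        added, due = _iso(e["dateAdded"]), _iso(e["dueDate"])
        days_left = (due - now).days
        rows.append({
            "cveID": e["cveID"],
            "dateAdded": e["dateAdded"],
            "dueDate": e["dueDate"],
            "window_days": (due - added).days,
            "days_left": days_left,
            "overdue": days_left < 0,
        })
    return rows


if __name__ == "__main__":
    # Vendor/product strings are assumptions matching the constructed sample above.
    for row in triage(SAMPLE_KEV_JSON, "Dassault Systèmes", "DELMIA Apriso",
                      date.today().isoformat()):
        state = "OVERDUE" if row["overdue"] else f"{row['days_left']} day(s) left"
        print(f"{row['cveID']}: added {row['dateAdded']}, due {row['dueDate']} "
              f"({row['window_days']}-day window), {state}")
```

In practice the raw JSON would come from the feed itself and the vendor/product pairs from an asset inventory; the matching is deliberately done on the feed's own `vendorProject`/`product` strings rather than on free-text descriptions, and the negative `days_left` value is kept rather than clamped so that overdue items sort to the top.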
This is not the first time a critical flaw in this software has been exploited. Just last month, in September, CISA added another critical remote code execution vulnerability in DELMIA Apriso (CVE-2025-5086) to its KEV catalog. That action came only one week after threat researcher Johannes Ullrich of the SANS Internet Storm Center first observed signs of active exploitation in the wild.
DELMIA Apriso is deployed by major enterprises across the globe to manage essential manufacturing functions. These include warehouse operations, production scheduling, resource allocation, quality management, and integrating factory equipment with broader business software systems.
The platform is especially common in industries where precision, traceability, and strict compliance are non-negotiable. This includes the automotive, electronics, aerospace, and industrial machinery sectors, where any disruption can have severe operational and safety repercussions.
(Source: Bleeping Computer)