The Cybersecurity and Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations management (MOM) and manufacturing execution system (MES) solution.
The first (CVE-2025-6205) is a critical-severity missing authorization flaw that can let unauthenticated threat actors remotely gain privileged access to an unpatched application, while the second (CVE-2025-6204) is a high-severity code injection vulnerability that lets attackers who already hold high privileges execute arbitrary code on vulnerable systems.
French company Dassault Systèmes patched the two flaws in early August 2025, when it also confirmed they affect DELMIA Apriso from Release 2020 through Release 2025.
Today, CISA flagged the two vulnerabilities as exploited in the wild and added them to its Known Exploited Vulnerabilities (KEV) Catalog.
As mandated by Binding Operational Directive (BOD) 22-01, issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies must secure their networks within three weeks, by November 18.
While this only applies to U.S. government agencies, CISA urged all IT admins and network defenders to prioritize patching the flaws as soon as possible.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," the cybersecurity agency said. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
CISA also added a critical DELMIA Apriso remote code execution flaw (CVE-2025-5086) to its catalog of actively exploited vulnerabilities in September, one week after threat researcher Johannes Ullrich detected the first signs of exploitation.
DELMIA Apriso is used by enterprises worldwide to manage warehouses, schedule production, allocate resources, manage quality, and integrate manufacturing equipment with various business applications.
The solution is commonly deployed in the automotive, electronics, aerospace, and industrial machinery sectors, where traceability, compliance, and a high level of quality control and process standardization are essential.