Overview
- Two DELMIA Apriso vulnerabilities, CVE-2025-6205 and CVE-2025-6204, are confirmed under active exploitation, according to CISA.
- CVE-2025-6205 is a critical missing-authorization issue enabling unauthenticated privileged access, and CVE-2025-6204 is a high-severity code injection allowing arbitrary code execution.
- Dassault Systèmes released fixes in early August for Releases 2020 through 2025; deployments that have not applied them remain exposed.
- The listing in CISA's Known Exploited Vulnerabilities (KEV) catalog requires FCEB agencies to remediate by November 18 under BOD 22-01, and CISA urges all organizations to prioritize updates or apply vendor mitigations.
- CISA previously added the DELMIA Apriso RCE flaw CVE-2025-5086 to the KEV catalog in September, and researchers also report ongoing attacks on XWiki CVE-2025-24893 that deliver a two-stage cryptocurrency miner.