Cyber Security News

CISA Warns of Dassault Systèmes Vulnerabilities Actively Exploited in Attacks

CISA has added two critical vulnerabilities affecting Dassault Systèmes DELMIA Apriso to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively exploiting these security flaws in real-world attacks.

The alert, issued on October 28, 2025, requires federal agencies to implement mitigations by November 18, 2025, while urging all organizations using the affected software to take immediate action.

DELMIA Apriso, a widely deployed manufacturing operations management platform used by enterprises worldwide, has become the target of sophisticated cyberattacks exploiting two distinct vulnerabilities.

Active Exploitation of Manufacturing Software

The first flaw, tracked as CVE-2025-6204, is a code injection vulnerability (CWE-94) that enables attackers to execute arbitrary code on vulnerable systems.

This type of weakness allows malicious actors to inject and run unauthorized commands, potentially leading to complete system compromise.

The second vulnerability, CVE-2025-6205, involves missing authorization controls categorized as CWE-862.

| CVE ID | Product | Vulnerability Type |
|---|---|---|
| CVE-2025-6204 | Dassault Systèmes DELMIA Apriso | Code Injection |
| CVE-2025-6205 | Dassault Systèmes DELMIA Apriso | Missing Authorization |

This security gap permits attackers to bypass authentication mechanisms and gain elevated privileges within the application without proper credentials.

When combined, these vulnerabilities create a dangerous attack surface that could allow threat actors to infiltrate manufacturing environments, manipulate production data, or deploy ransomware across industrial networks.

CISA’s inclusion of these vulnerabilities in the KEV catalog signals confirmed exploitation in active attack campaigns, though details about specific incidents remain undisclosed.

The agency has mandated that federal civilian executive branch agencies apply vendor-supplied patches or mitigations within three weeks.

For organizations using cloud-based deployments, CISA recommends following Binding Operational Directive 22-01 guidance, which addresses security requirements for cloud services.

Organizations unable to apply patches are advised to discontinue use of the affected product until secure configurations can be implemented.

The 21-day remediation window reflects the serious nature of these actively exploited vulnerabilities and the elevated risk they pose to manufacturing operations and supply chain security.

Security teams should prioritize patching DELMIA Apriso installations, particularly those accessible from internet-facing networks or connected to critical manufacturing processes.

Organizations should also review access logs for suspicious activity, implement network segmentation to isolate manufacturing systems, and monitor for unauthorized code execution or privilege escalation attempts.

Given the active exploitation status, defenders must assume threat actors are scanning for vulnerable instances and act swiftly to close these security gaps before attackers can establish persistent access to industrial control environments.


Abinaya
