Exploitation Wave Vulnerability ×2

DELMIA Apriso and XWiki exploitation

Updated 18.11.2025 00:41
Case score: 63
Members: 3
First seen: 12.09.2025 14:03
Last seen: 29.10.2025 09:44
Latest activity: 18.11.2025 00:41
Active exploitation; KEV: CISA KEV; Patch available; CVSS: 9.8 Critical

Overview

Attackers are actively exploiting **DELMIA Apriso** and **XWiki** flaws, with DELMIA Apriso spanning Release 2020 through Release 2025 and XWiki abuse reaching code execution through the SolrSearch endpoint. The available evidence also shows an XWiki attack chain that stages a downloader and then delivers a cryptocurrency miner. CISA has placed the flaws on **KEV**, Dassault Systèmes has already patched the DELMIA Apriso issues, and federal remediation deadlines are now in force. Reach is still unquantified, and the available evidence does not identify a single actor or confirm the total number of affected deployments.

Signals

10 derived
Impact signals
Affected: DELMIA Apriso Release 2020 through Release 2025; XWiki
Affected: unpatched DELMIA Apriso deployments
Affected: FCEB agencies using affected DELMIA Apriso deployments
Exploitation
Exploitation Active exploitation CVSS
CVEs/products
CVE CVE CVE CVE
Victims/regions
Sector: manufacturing; Victim region: United States
Remediation
KEV: CISA KEV; Remediation: Patch available

Malware context

4 families · 2 tools
Tools
wget, XMRig

Member happenings

3 related
Exploitation Wave: Dassault Systèmes DELMIA Apriso and XWiki active exploitation wave
Updated 29.10.2025 09:44; Lead; Contribution: 63
Exploitation: Active Exploitation; CVSS: 9.8 Critical; Patch: Patch Available

**CISA** and **VulnCheck** say **DELMIA Apriso** and **XWiki** flaws are being exploited in the wild, expanding risk across multiple products and CVEs. The abuse can lead to **arbitrary code execution** or **privileged access**, depending on the flaw. One XWiki attack chain has already been tied to **cryptocurrency miner** delivery, showing operational use rather than isolated scanning. The wave is urgent because the impacted issues are already on the **KEV** list and remediation deadlines are now in force.

Vulnerability: Dassault Systèmes DELMIA Apriso MOM deserialization flaw (CVE-2025-5086)
Updated 12.09.2025 14:03; Context
Exploitation: Active Exploitation; CVSS: 9.0 Critical; Patch: Patch Available

**CVE-2025-5086** in **Dassault Systèmes DELMIA Apriso MOM** is now **actively exploited**, putting **Release 2020 through Release 2025** deployments at risk of **remote code execution**. The flaw is a **deserialization of untrusted data** vulnerability, and CISA added it to the **KEV** catalog because exploitation is already being observed. **FCEB** agencies were told to apply the required updates by **October 2, 2025**.

Vulnerability: DELMIA Apriso actively exploited authorization and code injection flaws (multiple vulnerabilities)
Updated 28.10.2025 20:59; Context
Exploitation: Active Exploitation; Exploit: No Known Public Exploit; CVSS: 9.1 Critical; Patch: Patch Available

**DELMIA Apriso** flaws **CVE-2025-6205** and **CVE-2025-6204** are now **actively exploited**, creating risk of **unauthenticated privileged access** and **arbitrary code execution** on unpatched systems. **Dassault Systèmes** said it patched both issues in **early August 2025** and that they affect **Release 2020 through Release 2025**. **CISA** added the two vulnerabilities to its **Known Exploited Vulnerabilities (KEV) Catalog** and warned defenders to prioritize remediation quickly. For U.S. federal civilian agencies, the issues fall under **BOD 22-01** with a **three-week** remediation window.