DELMIA Apriso actively exploited authorization and code injection flaws (multiple vulnerabilities)

Vulnerability
Happening score (H score): 52
2 unique sources, 2 articles

Summary

DELMIA Apriso flaws CVE-2025-6205 and CVE-2025-6204 are now actively exploited, creating risk of unauthenticated privileged access and arbitrary code execution on unpatched systems. Dassault Systèmes said it patched both issues in early August 2025 and that they affect Release 2020 through Release 2025. CISA added the two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog and warned defenders to prioritize remediation quickly. For U.S. federal civilian agencies, the issues fall under BOD 22-01 with a three-week remediation window.

Related Happenings

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

CISA KEV action for CVE-2026-31431 and FCEB remediation

Public Sector Action
First: 03.05.2026 09:26 Last: 03.05.2026 09:26 Sources 1

About this happening: CISA added **CVE-2026-31431** to its **KEV catalog**, putting **Federal Civilian Executive Branch (FCEB)** agencies on notice to remediate an actively exploited Linux privilege-es...

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First: 08.04.2026 21:15 Last: 08.04.2026 21:15 Sources 1

About this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Timeline

  1. 28.10.2025 20:59 2 articles · 7mo ago

    CISA warns of active exploitation of DELMIA Apriso flaws

    Initial Disclosure

    CISA says attackers are actively exploiting CVE-2025-6205 and CVE-2025-6204 in Dassault Systèmes DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. CVE-2025-6205 is a critical missing authorization flaw that can let unauthenticated threat actors remotely gain privileged access, and CVE-2025-6204 is a high-severity code injection vulnerability that can let attackers with high privileges execute arbitrary code on vulnerable systems. Dassault Systèmes patched both flaws in early August 2025 and said they affect DELMIA Apriso from Release 2020 through Release 2025, while CISA added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.

  2. 28.10.2025 20:59 1 article · 7mo ago

    FCEB agencies face BOD 22-01 remediation deadline

    Legal Policy Action Update

    Federal Civilian Executive Branch (FCEB) agencies must secure their networks within three weeks under Binding Operational Directive (BOD) 22-01, with the deadline falling on November 18 for the actively exploited DELMIA Apriso vulnerabilities. CISA urged defenders to apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
