Find notable cyber news and cases, enriched with sources, timelines, and signals.

DELMIA Apriso actively exploited authorization and code injection flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 46
2 unique sources, 2 articles

Summary

Hide ▲

DELMIA Apriso flaws CVE-2025-6205 and CVE-2025-6204 are now actively exploited, creating risk of unauthenticated privileged access and arbitrary code execution on unpatched systems. Dassault Systèmes said it patched both issues in early August 2025 and that they affect Release 2020 through Release 2025. CISA added the two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog and warned defenders to prioritize remediation quickly. For U.S. federal civilian agencies, the issues fall under BOD 22-01 with a three-week remediation window.

Cases

Related Happenings

CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw

Public Sector Action
H score36 First: 16.06.2026 13:47 Last: 16.06.2026 13:47 Sources 1

About this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...

CISA orders FCEB Ivanti Sentry remediation under BOD 26-04

Public Sector Action
H score36 First: 12.06.2026 11:26 Last: 12.06.2026 11:26 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to secure **Ivanti Sentry** within **three days** after confirming **CVE-2026-10520** is being **actively exploited**, creating immediate remedi...

CISA BOD 26-04 remediation requirements

Advisory/Mitigation
H score31 First: 11.06.2026 15:46 Last: 11.06.2026 15:46 Sources 1

About this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...

CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies

Public Sector Action
H score27 First: 10.06.2026 15:00 Last: 10.06.2026 15:00 Sources 1

About this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...

CISA KEV order for SolarWinds Serv-U CVE-2026-28318

Public Sector Action
H score50 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...

Timeline

  1. 28.10.2025 20:59 2 articles · 8mo ago

    CISA warns of active exploitation of DELMIA Apriso flaws

    Initial Disclosure

    CISA says attackers are actively exploiting CVE-2025-6205 and CVE-2025-6204 in Dassault Systèmes DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution. CVE-2025-6205 is a critical missing authorization flaw that can let unauthenticated threat actors remotely gain privileged access, and CVE-2025-6204 is a high-severity code injection vulnerability that can let attackers with high privileges execute arbitrary code on vulnerable systems. Dassault Systèmes patched both flaws in early August 2025 and said they affect DELMIA Apriso from Release 2020 through Release 2025, while CISA added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog.

    Show sources
  2. 28.10.2025 20:59 1 articles · 8mo ago

    FCEB agencies face BOD 22-01 remediation deadline

    Legal Policy Action Update

    Federal Civilian Executive Branch (FCEB) agencies must secure their networks within three weeks under Binding Operational Directive (BOD) 22-01, with the deadline falling on November 18 for the actively exploited DELMIA Apriso vulnerabilities. CISA urged defenders to apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    Show sources