Dassault Systèmes DELMIA Apriso and XWiki active exploitation wave
Exploitation Wave
Summary
CISA and VulnCheck say DELMIA Apriso and XWiki flaws are being exploited in the wild, expanding risk across multiple products and CVEs. The abuse can lead to arbitrary code execution or privileged access, depending on the flaw. One XWiki attack chain has already been tied to cryptocurrency miner delivery, showing operational use rather than isolated scanning. The wave is urgent because the impacted issues are already on the KEV list and remediation deadlines are now in force.
Related Happenings
Windows zero-day exploitation wave
Exploitation Wave
First: 17.04.2026 09:14
Last: 17.04.2026 09:14
Sources 1
About this happening:
**BlueHammer**, **RedSun**, and **UnDefend** are being exploited in the wild against **Windows** devices, creating active risk of **SYSTEM** or elevated administrator compromise....
Latest development: 23.04.2026 14:05
CISA added BlueHammer, tracked as CVE-2026-33825, to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to patch Microsoft Defender on Windows systems within two weeks, by May 7. The federal directive targets ongoing zero-day abuse of the flaw on U.S. government systems.
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
Newly disclosed CVSS 7 to 10 vulnerabilities accelerated exploitation wave
Exploitation Wave
First: 18.03.2026 15:00
Last: 18.03.2026 15:00
Sources 1
About this happening:
Exploitation of newly disclosed **CVSS 7 to 10 vulnerabilities** surged **105% YoY**, shrinking the time defenders have to react and patch. The median disclosure-to-**CISA KEV** i...
VMware Aria Operations command injection flaw (CVE-2026-22719, exploited)
Vulnerability
First: 04.03.2026 01:40
Last: 04.03.2026 01:40
Sources 1
About this happening:
**CISA** added **CVE-2026-22719** in **VMware Aria Operations** to its **KEV catalog**, indicating the **command injection flaw** is being exploited and could lead to **remote cod...
React2Shell (CVE-2025-55182) mass scanning and exploitation wave
Exploitation Wave
First: 20.02.2026 23:07
Last: 20.02.2026 23:07
Sources 1
About this happening:
**CVE-2025-55182 (React2Shell)** is being **actively exploited** across **React Server Components (RSC)** and **Next.js** environments, with reports now adding a **ransomware gang...
Timeline
29.10.2025 09:44 · 2 articles
CISA and VulnCheck flag active exploitation of DELMIA Apriso and XWiki flaws
Initial Disclosure
CISA and VulnCheck say threat actors are actively exploiting Dassault Systèmes DELMIA Apriso and XWiki. CVE-2025-6204, CVE-2025-6205, and CVE-2025-24893 are tied to code injection, missing authorization, and eval injection that can enable arbitrary code execution, privileged access, and remote code execution through /bin/get/Main/SolrSearch. VulnCheck also describes a two-stage attack chain that uses wget to stage x640 from 193.32.208[.]24:8080, writes it to /tmp/11909, and then fetches additional payloads, including a cryptocurrency miner. Dassault Systèmes addressed the DELMIA Apriso flaws in early August, and several FCEB agencies must remediate them by November 18, 2025.
Sources
- Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack — thehackernews.com — 29.10.2025 09:44
- RondoDox botnet malware now hacks servers using XWiki flaw — www.bleepingcomputer.com — 18.11.2025 00:41