Overview
- CISA confirmed active exploitation of CVE-2025-6204 and CVE-2025-6205 in Dassault Systèmes' DELMIA Apriso and placed them in the Known Exploited Vulnerabilities catalog.
- CVE-2025-6205 is a critical missing-authorization bug enabling unauthenticated privilege escalation, and CVE-2025-6204 is a high-severity code-injection issue allowing arbitrary code execution by high-privilege users.
- Dassault released fixes in early August 2025 and said Releases 2020 through 2025 are impacted, with administrators urged to apply patches or vendor mitigations immediately.
- Federal Civilian Executive Branch agencies must remediate the newly listed vulnerabilities by November 18, 2025, under Binding Operational Directive 22-01.
- The move follows CISA’s September KEV listing of DELMIA Apriso CVE-2025-5086, and researchers separately report active exploitation of an XWiki flaw delivering a cryptocurrency miner from infrastructure geolocated to Vietnam.