CISA has added two critical vulnerabilities affecting Dassault Systèmes’ DELMIA Apriso to its Known Exploited Vulnerabilities catalog. The alert, issued on October 28, 2025, requires federal agencies to implement mitigations by November 18, 2025. These vulnerabilities represent a severe threat, as DELMIA Apriso is widely used in manufacturing operations.
The vulnerabilities include a code injection flaw (CVE-2025-6204) that allows attackers to execute arbitrary code, and a missing authorization control (CVE-2025-6205) that lets them bypass authentication mechanisms. When combined, they create a significant risk, potentially allowing attackers to manipulate production data or launch ransomware attacks. Given the active exploitation detected, organizations are advised to prioritize patching their systems and to monitor for suspicious activity.
👉 Read the original: Cyber Security News