

Ethical Hacking News

The Dassault Systèmes DELMIA Apriso Vulnerabilities: A Threat to Industrial Automation Systems



U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities in the Dassault Systèmes DELMIA Apriso software to its Known Exploited Vulnerabilities catalog, urging federal agencies and private organizations to address these security concerns by November 18, 2025.



  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog.
  • Dassault Systèmes DELMIA Apriso software, widely used in manufacturing industries, contains two critical vulnerabilities (CVE-2025-6204 and CVE-2025-6205).
  • The first vulnerability has a CVSS score of 8.0 and is related to code injection attacks.
  • The second vulnerability has a CVSS score of 9.1 and is related to missing authorization.
  • Federal agencies must address these vulnerabilities by November 18, 2025, according to CISA's Binding Operational Directive (BOD) 22-01.




    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added two critical vulnerabilities in the Dassault Systèmes DELMIA Apriso software to its Known Exploited Vulnerabilities catalog, bringing attention to the security concerns surrounding industrial automation systems. The vulnerabilities, tracked as CVE-2025-6204 and CVE-2025-6205, potentially affect manufacturing operations management (MOM) and manufacturing execution system (MES) platforms.

    Dassault Systèmes DELMIA Apriso is widely used in the manufacturing industry, providing digital solutions to manage production processes, monitor performance, and optimize supply chain logistics. Industries including automotive, aerospace, and energy use the software to streamline their operations and improve overall efficiency. However, like any complex system, Dassault Systèmes DELMIA Apriso is not immune to security risks.

    The first vulnerability, CVE-2025-6204, has a CVSS score of 8.0 and is related to code injection attacks. This means that an attacker could inject malicious code into the software, potentially leading to arbitrary code execution. The vulnerability affects Release 2020 through Release 2025, which accounts for several years of software updates.

    The second vulnerability, CVE-2025-6205, has a CVSS score of 9.1 and is related to missing authorization. This means that an attacker could exploit the flaw to gain privileged access to the application, potentially leading to unauthorized changes or data breaches.

    According to CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies are required to address these vulnerabilities by November 18, 2025. This deadline is crucial as it ensures that all affected systems are updated and secured before potential attackers can exploit the vulnerabilities.

    Experts emphasize the importance of addressing these vulnerabilities, not only for federal agencies but also for private organizations that use Dassault Systèmes DELMIA Apriso software. CISA's Known Exploited Vulnerabilities (KEV) catalog serves as a resource for identifying known exploited vulnerabilities and providing guidance on how to address them.

    The addition of these two critical vulnerabilities highlights the need for greater awareness and vigilance in the industrial automation sector. As more systems become connected and interdependent, the risks associated with cybersecurity threats grow exponentially.

    Pierluigi Paganini



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Dassault-Systmes-DELMIA-Apriso-Vulnerabilities-A-Threat-to-Industrial-Automation-Systems-ehn.shtml

  • Published: Wed Oct 29 12:45:26 2025 by llama3.2 3B Q4_K_M












