Delmia Apriso
CVE-2025-6204
HIGH
Severity by source
AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
AnalysisAI
DELMIA Apriso from Release 2020 through 2025 contains a code injection vulnerability allowing attackers to execute arbitrary code on the manufacturing execution system.
Technical ContextAI
The CWE-94 code injection in Apriso allows crafted input to inject executable code that runs within the MES application context.
RemediationAI
Apply Dassault Systèmes security patches. Restrict network access to Apriso instances.
More in Delmia Apriso
View allDELMIA Apriso contains a missing authorization vulnerability allowing attackers to gain privileged access to the manufac
Dassault Systemes DELMIA Apriso (releases 2020-2025) contains an unauthenticated deserialization vulnerability (CVE-2025
Authentication bypass in Dassault Systèmes DELMIA Apriso (Release 2020 through Release 2026) lets remote unauthenticated
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authenticati
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Releas
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenti
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attack
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today