Delmia Apriso CVE-2025-6204
HIGH
Code Injection (CWE-94)
2025-08-04
3DS.Information-Security@3ds.com
8.0
CVSS 3.1
Share
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Lifecycle Timeline
3
Analysis Generated
Mar 28, 2026 - 19:05 vuln.today
Added to CISA KEV
Oct 29, 2025 - 12:49 cisa
CISA KEV
CVE Published
Aug 04, 2025 - 10:15 nvd
HIGH 8.0
DescriptionNVD
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
AnalysisAI
DELMIA Apriso from Release 2020 through 2025 contains a code injection vulnerability allowing attackers to execute arbitrary code on the manufacturing execution system.
Technical ContextAI
The CWE-94 code injection in Apriso allows crafted input to inject executable code that runs within the MES application context.
RemediationAI
Apply Dassault Systèmes security patches. Restrict network access to Apriso instances.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).