CVE-2025-6204
HIGH
2025-08-04
[email protected]
8.0
CVSS 3.1
Share
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Lifecycle Timeline
3
Analysis Generated
Mar 28, 2026 - 19:05 vuln.today
Added to CISA KEV
Oct 29, 2025 - 12:49 cisa
CISA KEV
CVE Published
Aug 04, 2025 - 10:15 nvd
HIGH 8.0
Description
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
Analysis
DELMIA Apriso from Release 2020 through 2025 contains a code injection vulnerability allowing attackers to execute arbitrary code on the manufacturing execution system.
Technical Context
The CWE-94 code injection in Apriso allows crafted input to inject executable code that runs within the MES application context.
Affected Products
['DELMIA Apriso Release 2020 through 2025']
Remediation
Apply Dassault Systèmes security patches. Restrict network access to Apriso instances.
Priority Score
97
Low
Medium
High
Critical
KEV: +50
EPSS: +7.5
CVSS: +40
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).