November 1, 2025
Two actively exploited vulnerabilities have been discovered in Dassault Systèmes’ DELMIA Apriso manufacturing software, affecting versions from 2020 through 2025. The first flaw (CVE-2025-6204) allows remote code execution through a vulnerable SOAP message processor, while the second (CVE-2025-6205) enables attackers to create privileged user accounts and upload malicious executables via an exposed API. Both vulnerabilities were patched in August 2025, but ongoing exploitation indicates that unpatched systems remain at risk, especially within industrial and manufacturing environments.
CISA has added the two flaws to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply updates promptly. The advisory urges organizations to review logs for signs of compromise, including unauthorized admin accounts and suspicious executable files in application directories. Industrial operators are encouraged to isolate affected servers, apply vendor updates, and enhance network segmentation to prevent lateral movement from compromised systems. The incidents highlight how targeted attacks on operational software are increasingly being used to bridge IT and OT environments.
Source: https://www.securityweek.com/cisa-warns-of-exploited-delmia-factory-software-vulnerabilities/