CVE-2025-6205

Published Aug 4, 2025

Last updated a month ago

Exploit knownCVSS critical 9.1
DELMIA Apriso

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-6205 is a missing authorization vulnerability affecting Dassault Systèmes DELMIA Apriso from Release 2020 through Release 2025. An attacker could exploit this flaw to gain privileged access to the application. This vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, and federal agencies are required to fix it by November 18, 2025. It was addressed by Dassault Systèmes in early August. ProjectDiscovery researchers indicated that this flaw can be combined with CVE-2025-6204 to create accounts with elevated privileges and drop executable files, leading to a full application compromise.

Description
A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
Source
3DS.Information-Security@3ds.com
NVD status
Analyzed
Products
delmia_apriso

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability
Exploit added on
Oct 28, 2025
Exploit action due
Nov 18, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

3DS.Information-Security@3ds.com
CWE-862

Social media

Hype score
Not currently trending

  1. 🛡️ Enhanced WAF protection is here! Our latest update boosts coverage for DELMIA Apriso vulnerabilities (CVE-2025-6205), now blocking exploitation attempts. Stay secure against unauthorized access & system compromise. https://t.co/D7XRZL8V92

    @mveracf

    19 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🛡️ New WAF rule incoming! Protect your sites from potential Auth Bypass vulnerabilities in DELMIA Apriso (CVE-2025-6205). Stay ahead of threats with Cloudflare's proactive security. https://t.co/0IT2wg9qnr

    @mveracf

    12 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-6205 - DELMIA Apriso vulnerability exploited in the wild https://t.co/YtO737fnBV https://t.co/giQ2rD4vbs

    @CloudVirtues

    9 Nov 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-6205 - DELMIA Apriso vulnerability exploited in the wild https://t.co/j7n9azXinS https://t.co/65gIJ7C0Vt

    @SirajD_Official

    9 Nov 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-6205 - DELMIA Apriso vulnerability exploited in the wild https://t.co/heZ6W7zlvM https://t.co/pqyYhsL4Id

    @scandaletti

    8 Nov 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA Alerts: 2 New Dassault Flaws Under Active Attack https://t.co/D66fhuwVtT #CisaSecurityAlert #cve-2025-6204 #cve-2025-6205 #DassaultDelmiaApriso

    @wizconsults

    30 Oct 2025

    48 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Today @CISACyber added Dassault Systèmes DELMIA Apriso vulnerabilities CVE-2025-6204 & CVE-2025-6205 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/LMm64iDr0N & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

    @7thGensec

    29 Oct 2025

    158 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🔴 Delmia Apriso Manufacturing Systems Under Active Attack CISA warns hackers actively exploiting CVE-2025-6204 (code injection) and CVE-2025-6205 (missing authorization) in Dassault's Delmia Apriso manufacturing operations software. What's concerning: customers include RTX

    @the_c_protocol

    29 Oct 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🌍 @CISACyber adds 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog: - CVE-2025-6204 (Code Injection) - CVE-2025-6205 (Missing Authorization) Both affect Dassault Systèmes DELMIA Apriso and are under active exploitation. Patch fast - and stay updated.

    @TechNadu

    29 Oct 2025

    87 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. CISA reports active exploitation of two critical vulnerabilities in Dassault Systèmes’ DELMIA Apriso software (CVE-2025-6204 & CVE-2025-6205). Privilege escalation and remote code execution risks impact industrial systems. #IndustrialSecurity #France https://t.co/sF9cIN8LT

    @TweetThreatNews

    29 Oct 2025

    127 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. 🚨CVE-2025-6204 and CVE-2025-6205 have been added to the KEV Catalog. https://t.co/9idGUAHIKd https://t.co/ScMnLCsUaM

    @DarkWebInformer

    28 Oct 2025

    4254 Impressions

    2 Retweets

    21 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  12. 🛡️ We added Dassault Systèmes DELMIA Apriso vulnerabilities CVE-2025-6204 & CVE-2025-6205 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/Jm

    @CISACyber

    28 Oct 2025

    6234 Impressions

    18 Retweets

    37 Likes

    4 Bookmarks

    13 Replies

    2 Quotes

  13. 🚨 CVE-2025-6205 - high 🚨 DELMIA Apriso - Broken Access Control > DELMIA Apriso Release 2020 through Release 2025 contains a broken access control vuln... 👾 https://t.co/yujwWGUAp7 @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    23 Sept 2025

    166 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. CVE-2025-6205 (CVSS:9.1, CRITICAL) is Awaiting Analysis. A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an atta..https://t.co/Wl33Eg4Cbh #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    9 Aug 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-6205 Missing Authorization Vulnerability in DELMIA Apriso Enabling Unauthorized Privileged Access https://t.co/MBThRibG4G

    @VulmonFeeds

    4 Aug 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. [CVE-2025-6205: CRITICAL] A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.#cve,CVE-2025-6205,#cybersecurity https://t.co/xThZPfdrZZ https://t.co/mG2gJeXuTr

    @CveFindCom

    4 Aug 2025

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-6205 A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the applicatio… https://t.co/nKLJ0kJfMx

    @CVEnew

    4 Aug 2025

    537 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.