CVE-2025-6204

Summary

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesDELMIA AprisoRelease 2020 Golden <= Release 2020 SP4affected
Dassault SystèmesDELMIA AprisoRelease 2021 Golden <= Release 2021 SP3affected
Dassault SystèmesDELMIA AprisoRelease 2022 Golden <= Release 2022 SP3affected
Dassault SystèmesDELMIA AprisoRelease 2023 Golden <= Release 2023 SP3affected
Dassault SystèmesDELMIA AprisoRelease 2024 Golden <= Release 2024 SP1affected
Dassault SystèmesDELMIA AprisoRelease 2025 Golden <= Release 2025 SP1affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References