The US cybersecurity company CISA on Tuesday warned that two latest vulnerabilities in DELMIA Apriso manufacturing facility software program have been exploited in assaults.
A producing operations administration (MOM) and manufacturing execution system (MES) software program made by French firm Dassault Systèmes, DELMIA Apriso allows the administration of the complete manufacturing course of.
The 2 flaws flagged as exploited are tracked as CVE-2025-6204 (CVSS rating of 8.0) and CVE-2025-6205 (CVSS rating of 9.1), and have an effect on DELMIA Apriso from launch 2020 by means of launch 2025.
CVE-2025-6204 is described as a code injection bug that permits attackers to execute arbitrary code, whereas CVE-2025-6205 is a lacking authorization problem that may be exploited to achieve privileged entry to the appliance.
In response to ProjectDiscovery, the 2 safety defects may be chained collectively to create accounts with elevated privileges after which place executable recordsdata right into a web-served listing.
“The product exposes a SOAP-based message processor endpoint that accepts XML payloads for bulk worker/identification provisioning. Individually, the product exposes a file add API utilized by portal parts however that’s accessible solely post-authentication,” ProjectDiscovery notes.
Attackers can ship unauthenticated requests to the SOAP message processor to create an arbitrary account and assign it excessive privileges. Then, they’ll authenticate because the newly created consumer and drop executables into the server’s internet root.
Dassault Systèmes launched patches and barebone advisories for the 2 vulnerabilities on August 4, and ProjectDiscovery revealed technical particulars on September 23.Commercial. Scroll to proceed studying.
Now, CISA says that each points have been exploited within the wild, by including them to its Identified Exploited Vulnerabilities (KEV) checklist. As mandated by Binding Operational Directive (BOD) 22-01, federal businesses ought to patch the issues inside three weeks.
Whereas BOD 22-01 solely applies to federal businesses, all organizations ought to evaluation CISA’s KEV checklist and apply patches and mitigations for the safety defects it describes.
To hunt for potential compromise by means of susceptible DELMIA Apriso deployments, organizations ought to test for newly created privileged accounts and may scan directories for executables comparable to webshells.
Final month, CISA warned that menace actors have been exploiting one other DELMIA Apriso vulnerability, CVE-2025-5086 (CVSS rating of 9.0), which may result in distant code execution.
Associated: Yr-Outdated WordPress Plugin Flaws Exploited to Hack Web sites
Associated: QNAP NetBak PC Agent Affected by Latest ASP.NET Core Vulnerability
Associated: Lanscope Endpoint Supervisor Zero-Day Exploited within the Wild
Associated: RondoDox Botnet Takes ‘Exploit Shotgun’ Strategy
