CVE-2025-6204

HIGH 8.0

⚠️ CISA KEV

Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025

CVSS Score

8.0

EPSS Score

0.0%

EPSS Percentile

0th

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

CWE	CWE-94
Vendor	dassault systèmes
Product	delmia apriso
Published	Aug 4, 2025
Last Updated	Feb 26, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for dassault systèmes delmia apriso

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-6204.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Dassault Systèmes / DELMIA Apriso

Release 2020 Golden ≤ Release 2020 SP4 Release 2021 Golden ≤ Release 2021 SP3 Release 2022 Golden ≤ Release 2022 SP3 Release 2023 Golden ≤ Release 2023 SP3 Release 2024 Golden ≤ Release 2024 SP1 Release 2025 Golden ≤ Release 2025 SP1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

3ds.com: https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204