CVE-2025-6204

Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025

CVSS 8 HIGHEPSS 75.3%● KEVCWE-94

In short

DELMIA Apriso contains a code injection flaw that lets attackers run malicious code on affected systems. This vulnerability affects versions from 2020 through 2025 and poses a serious risk to manufacturing operations that rely on this software.

Technical detail

An Improper Control of Generation of Code (CWE-94) vulnerability in DELMIA Apriso releases 2020–2025 allows attackers to inject and execute arbitrary code through inadequate input validation or code generation controls. The attack vector and required privileges are not specified, but successful exploitation results in arbitrary code execution with potential impact to system confidentiality, integrity, and availability.

Summary generated and translated by AI from the official description.

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Dassault Systèmes · DELMIA Apriso

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204