The Cybersecurity and Infrastructure Security Agency (CISA) has flagged two serious flaws in the DELMIA Apriso manufacturing operations management (MOM) platform by Dassault Systèmes, confirming they are actively exploited in the wild.
Gaps in Authorization and Code Injection Under Attack
CISA’s advisory highlights:
- CVE-2025-6205, rated at a CVSS of 9.1, is a missing-authorization vulnerability that allows an unauthenticated attacker to gain privileged access to the Apriso application.
- CVE-2025-6204, rated at a CVSS of 8.0, is a code-injection vulnerability that permits execution of arbitrary code on vulnerable systems.
Both flaws impact Apriso versions from Release 2020 through Release 2025 and were patched by Dassault Systèmes in August 2025. Today’s inclusion of these bugs in CISA’s Known Exploited Vulnerabilities Catalog signals confirmed active exploitation.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA wrote, adding that agencies must apply vendor mitigation or discontinue use.
Scope of Industrial Impact and Attack Surface Risk
DELMIA Apriso is widely deployed across manufacturing, automotive, aerospace and electronics sectors to manage production, scheduling, warehouse workflows and supply-chain operations. The frequent use of Apriso within critical infrastructure environments means these flaws present a large attack surface.
Exploitation could allow adversaries to manipulate manufacturing workflows, inject malicious code into production systems, disrupt processes or exfiltrate proprietary information. CISA has set a remediation deadline of November 18, 2025 for Federal Civilian Executive Branch agencies under Binding Operational Directive 22-01. Private-sector operators are strongly urged to prioritise patching given the active threat.
Recommended Mitigations and Defensive Steps
Security teams managing Apriso or similar MOM/MES software should implement the following:
- Immediately apply the patches released by Dassault Systèmes for CVE-2025-6204 and CVE-2025-6205.
- Validate the software version of every installation (Releases 2020–2025 may be impacted).
- Audit access controls: ensure only authorised users have privileged roles within Apriso.
- Monitor for anomalous activity, such as new user accounts, elevated privileges, or remote code-execution indicators.
- Segment Apriso infrastructure from general IT networks and isolate it within industrial operations zones.
- Engage in continuous threat-hunting for post-exploitation artefacts, including service-hijack attempts or malicious payloads.
This advisory underscores a persistent trend: attackers increasingly target OT/IT convergence platforms like MOM/MES systems rather than just legacy PLCs or SCADA devices. As manufacturing environments digitise, enterprise risk no longer lies purely in traditional IT assets. Protecting systems like DELMIA Apriso becomes crucial to safeguarding entire supply chains and industrial continuity.