Cyber Resilience

CVE-2025-6204

HighCISA KEVActive ExploitationEUVD ExploitedRCE

Published: 04 August 2025

Published
04 August 2025
Modified
29 October 2025
KEV Added
28 October 2025
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.1018 93.3th percentile
Risk Priority 42 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-6204 is a high-severity Code Injection (CWE-94) vulnerability in 3Ds Delmia Apriso. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-6204 is an improper control of code generation vulnerability, also described as code injection under CWE-94, that affects Dassault Systèmes DELMIA Apriso releases from 2020 through 2025. The flaw permits an attacker to execute arbitrary code on the affected manufacturing operations platform.

Successful exploitation requires an authenticated attacker with high privileges to supply malicious input over the network, resulting in full confidentiality, integrity, and availability impact with changed scope. The CVSS 8.0 rating reflects the high complexity and administrative access needed, yet the changed scope indicates potential lateral movement beyond the initial component.

The vendor advisory at 3ds.com details remediation steps and patch availability for supported releases, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.

EPSS scores rose from a low baseline to a peak of 0.2011 before settling at the current 0.1018, indicating growing exploitation interest after public disclosure and warranting renewed attention from practitioners.

EU & UK References

Vulnerability details

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

CWE(s)
KEV Date Added
28 October 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CWE-94 code injection in network-accessible DELMIA Apriso directly enables remote arbitrary code execution (RCE) matching T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-6205Same product: 3Ds Delmia Aprisoboth on KEV
CVE-2025-23209Shared CWE-94both on KEV
CVE-2026-1281Shared CWE-94both on KEV
CVE-2026-1340Shared CWE-94both on KEV
CVE-2025-54068Shared CWE-94both on KEV
CVE-2025-37164Shared CWE-94both on KEV
CVE-2025-49704Shared CWE-94both on KEV
CVE-2026-20045Shared CWE-94both on KEV
CVE-2025-24893Shared CWE-94both on KEV
CVE-2026-34197Shared CWE-94both on KEV

Affected Assets

3ds
delmia apriso
2020 — 2025

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the code injection vulnerability in DELMIA Apriso by requiring timely application of vendor patches to prevent arbitrary code execution.

prevent

Prevents code injection attacks by enforcing validation of inputs used in dynamic code generation, addressing the core CWE-94 flaw in the affected software.

prevent

Mitigates arbitrary code execution resulting from successful code injection through memory protections like DEP and ASLR, limiting exploit impact despite high privileges.

References