CVE-2025-6204
Published: 04 August 2025
Summary
CVE-2025-6204 is a high-severity Code Injection (CWE-94) vulnerability in 3Ds Delmia Apriso. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the code injection vulnerability in DELMIA Apriso by requiring timely application of vendor patches to prevent arbitrary code execution.
Prevents code injection attacks by enforcing validation of inputs used in dynamic code generation, addressing the core CWE-94 flaw in the affected software.
Mitigates arbitrary code execution resulting from successful code injection through memory protections like DEP and ASLR, limiting exploit impact despite high privileges.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-94 code injection in network-accessible DELMIA Apriso directly enables remote arbitrary code execution (RCE) matching T1190 Exploit Public-Facing Application.
NVD Description
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
Deeper analysisAI
CVE-2025-6204 is an Improper Control of Generation of Code (Code Injection) vulnerability, classified under CWE-94, affecting DELMIA Apriso software from Release 2020 through Release 2025. Published on 2025-08-04, it carries a CVSS v3.1 base score of 8.0 (High), with vector AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating network accessibility, high attack complexity, requirement for high privileges, no user interaction, changed scope, and high impacts to confidentiality, integrity, and availability. Successful exploitation enables arbitrary code execution on affected systems.
The vulnerability can be exploited by an attacker with high-level privileges (PR:H) who has network access to the target DELMIA Apriso instance. Due to the high attack complexity (AC:H), exploitation requires sophisticated techniques, but once achieved over the network without user interaction, it allows full arbitrary code execution with elevated scope, potentially compromising the entire system through high confidentiality, integrity, and availability impacts.
Mitigation guidance is available in the vendor security advisory from Dassault Systèmes at https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204, indicating active exploitation in the wild and urging federal agencies to apply patches by specified deadlines.
This CVE's inclusion in CISA's KEV catalog highlights real-world exploitation risks, particularly in manufacturing and industrial environments reliant on DELMIA Apriso for production management.
Details
- CWE(s)
- KEV Date Added
- 28 October 2025