All news with #delmia apriso tag

Tue, October 28, 2025

CISA Warns of Two Actively Exploited DELMIA Flaws Now

#KEV Added #Active Exploitation #Security Advisory #Patch #RCE #Dassault Systèmes #DELMIA Apriso

⚠️ CISA has confirmed active exploitation of two vulnerabilities in Dassault Systèmes' DELMIA Apriso: CVE-2025-6205 (critical missing authorization) and CVE-2025-6204 (high-severity code injection). Both flaws were patched by the vendor in early August 2025 and affect Releases 2020 through 2025. Federal agencies must remediate within three weeks under BOD 22-01, and CISA urges all organizations to prioritize vendor mitigations or discontinue use if no fixes exist.

read more →

Thu, September 11, 2025

CISA Adds One Vulnerability to KEV Catalog (2025-09-11)

#KEV Added #Insecure Deserialization #DELMIA Apriso #Dassault Systèmes #Disclosure

🔔 CISA added CVE-2025-5086 — a Dassault Systèmes DELMIA Apriso deserialization of untrusted data vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog on September 11, 2025, based on evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed issues by required due dates. CISA urges all organizations to prioritize timely remediation as part of vulnerability management and will continue updating the catalog with vulnerabilities that meet its criteria.