CISA Adds Two Dassault DELMIA Apriso Vulnerabilities
🔒 CISA added two vulnerabilities to its Known Exploited Vulnerabilities Catalog affecting Dassault Systèmes DELMIA Apriso. The issues—CVE-2025-6204 (code injection) and CVE-2025-6205 (missing authorization)—have evidence of active exploitation and pose significant risk. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed CVEs by the required due dates. CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.
