CVE-2025-6204

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-04 10:15

Updated : 2025-10-29 12:49

NVD link : CVE-2025-6204

Mitre link : CVE-2025-6204

CVE.ORG link : CVE-2025-6204

JSON object : View

Products Affected

3ds

delmia_apriso

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-6204", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.3}]}, "published": "2025-08-04T10:15:27.800", "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."}, {"lang": "es", "value": "Una vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (inyecci\u00f3n de c\u00f3digo) que afecta a DELMIA Apriso desde la versi\u00f3n 2020 hasta la versi\u00f3n 2025 podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario."}], "lastModified": "2025-10-29T12:49:33.617", "cisaActionDue": "2025-11-18", "cisaExploitAdd": "2025-10-28", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "809F8ACE-5686-4178-ACF7-D6968035FCF5", "versionEndIncluding": "2025", "versionStartIncluding": "2020"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Code Injection Vulnerability"}