Today CISA announced that it had added two vulnerabilities in the Dassault Systèmes DELMIA Apriso manufacturing operations management software to its Known Exploited Vulnerabilities catalog. The two vulnerabilities are:
Code injection - CVE-2025-6204, and
Missing authorization - CVE-2025-6205
Dassault published advisories for the vulnerabilities on August 4th, 2025. The vulnerabilities were reported to Dassault by Rahul Maini and Harsh Jaiswal via ProjectDiscovery.io; the report contains proof-of-concept code.
CISA has ordered federal agencies to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. It provided a deadline of November 18th, 2025 to accomplish these actions.