- Threat actors are exploiting vulnerabilities in Dassault Systèmes DELMIA Apriso and XWiki.
- CVE-2025-24893 in XWiki enables remote code execution by any guest user.
- CVE-2025-6204 and CVE-2025-6205 affect DELMIA Apriso versions from 2020 to 2025 and allow code injection and privilege escalation.
- Exploitation attempts include delivering cryptocurrency miners and disabling competing Malware.
- Users are urged to apply security updates promptly, with some agencies required to patch by November 18, 2025.
Threat actors are actively exploiting multiple security flaws found in Dassault Systèmes DELMIA Apriso and XWiki, according to alerts from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck. The vulnerabilities allow remote code execution and unauthorized access.
Specifically, CVE-2025-6204 is a code injection vulnerability with a CVSS score of 8.0, and CVE-2025-6205 is a missing authorization flaw with a score of 9.1, both impacting DELMIA Apriso releases from 2020 through 2025. These were patched by the vendor in early August. Meanwhile, CVE-2025-24893, rated 9.8, is an eval injection in XWiki allowing any guest user to execute arbitrary code through the “/bin/get/Main/SolrSearch” endpoint.
VulnCheck reported that CVE-2025-24893 is exploited in a two-stage attack delivering cryptocurrency mining malware. The attacker first stages a downloader, which retrieves further payloads including a miner and a tool to remove competing malware like XMRig and Kinsing. The attack traffic originates from an IP address in Vietnam flagged for malicious activity, according to AbuseIPDB.
“We observed multiple exploit attempts against our XWiki canaries coming from an attacker geolocated in Vietnam,” said VulnCheck’s Jacob Baines. “The exploitation proceeds in a two-pass workflow separated by at least 20 minutes: the first pass stages a downloader (writes a file to disk), and the second pass later executes it.”
The vulnerabilities have been added recently to the Known Exploited Vulnerabilities catalog. Active exploitation follows earlier attacks targeting a separate critical flaw in DELMIA Apriso, reported in September. Civilian Executive Branch agencies are required to remediate the DELMIA Apriso flaws by November 18, 2025. Users are advised to apply updates promptly to reduce risk.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Amazon Commits $5B to Build Data Centers in South Korea by 2031
- ASIC updates digital asset rules; licensing concerns in Australia
- Korea Zinc Chair Invited to U.S.-Korea Business Summit in Gyeongju
- Trump Media to Launch Truth Social Prediction Markets Beta Test
- OpenAI: 1.2M Weekly ChatGPT Users Discuss Suicide Risks
