Exploitation Summary
CVE-2025-6204 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 28, 2025. A Nuclei detection template is also available.
Description
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
Nuclei Templates (1)
DELMIA Apriso - Command Injection
CRITICAL | VERIFIED | by iamnoooob, rootxharsh, parthmalhotra, pdresearch
Shodan:
title:"DELMIA Apriso"
References (2)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6204
Scores
CVSS v3: 8.0
EPSS: 0.1018
EPSS Percentile: 93.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2025-10-28
VulnCheck KEV: 2025-10-28
ENISA EUVD: EUVD-2025-23494
CWE: CWE-94
Status: published
Products (1)
3ds/delmia_apriso: 2020 - 2025
Published: Aug 04, 2025
KEV Added: Oct 28, 2025
Tracked Since: Feb 18, 2026