CVE-2025-6205

Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025

CVSS 9.1 CRITICALEPSS 69.2%● KEVCWE-862

In short

DELMIA Apriso lacks proper permission checks, allowing attackers to gain admin-level access without authorization. This affects all versions from 2020 to 2025 and is a critical security flaw.

Technical detail

A missing authorization control in DELMIA Apriso (2020–2025) permits unauthenticated or low-privileged users to escalate privileges and access restricted functionality. The vulnerability stems from insufficient authorization validation on sensitive operations, enabling privilege escalation attacks.

Summary generated and translated by AI from the official description.

A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Dassault Systèmes · DELMIA Apriso

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6205