SB2025102963 - Multiple vulnerabilities in DELMIA Apriso

Description

This security bulletin contains information about 2 vulnerabilities.

1) Missing authorization (CVE-ID: CVE-2025-6205)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to missing authorization checks. A remote attacker can gain privileged access to the application.

2) Code Injection (CVE-ID: CVE-2025-6204)

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:A/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205
• https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204