CVE-2025-6204 (GCVE-0-2025-6204)
Vulnerability from cvelistv5
Published
2025-08-04 09:14
Modified
2025-08-04 15:50
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
References
3DS.Information-Security@3ds.comhttps://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204
Impacted products
Vendor Product Version
Dassault Systèmes DELMIA Apriso Version: Release 2020 Golden   <
Version: Release 2021 Golden   <
Version: Release 2022 Golden   <
Version: Release 2023 Golden   <
Version: Release 2024 Golden   <
Version: Release 2025 Golden   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6204",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-04T15:49:53.504308Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-04T15:50:49.434Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DELMIA Apriso",
          "vendor": "Dassault Syst\u00e8mes",
          "versions": [
            {
              "lessThanOrEqual": "Release 2020 SP4",
              "status": "affected",
              "version": "Release 2020 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Release 2021 SP3",
              "status": "affected",
              "version": "Release 2021 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Release 2022 SP3",
              "status": "affected",
              "version": "Release 2022 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Release 2023 SP3",
              "status": "affected",
              "version": "Release 2023 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Release 2024 SP1",
              "status": "affected",
              "version": "Release 2024 Golden",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "Release 2025 SP1",
              "status": "affected",
              "version": "Release 2025 Golden",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
            }
          ],
          "value": "An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-04T09:14:08.343Z",
        "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "shortName": "3DS"
      },
      "references": [
        {
          "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
    "assignerShortName": "3DS",
    "cveId": "CVE-2025-6204",
    "datePublished": "2025-08-04T09:14:08.343Z",
    "dateReserved": "2025-06-17T14:03:08.909Z",
    "dateUpdated": "2025-08-04T15:50:49.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-6204\",\"sourceIdentifier\":\"3DS.Information-Security@3ds.com\",\"published\":\"2025-08-04T10:15:27.800\",\"lastModified\":\"2025-08-04T15:06:15.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo (inyecci\u00f3n de c\u00f3digo) que afecta a DELMIA Apriso desde la versi\u00f3n 2020 hasta la versi\u00f3n 2025 podr\u00eda permitir que un atacante ejecute c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"3DS.Information-Security@3ds.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"3DS.Information-Security@3ds.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204\",\"source\":\"3DS.Information-Security@3ds.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6204\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-04T15:49:53.504308Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-04T15:50:45.253Z\"}}], \"cna\": {\"title\": \"Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Dassault Syst\\u00e8mes\", \"product\": \"DELMIA Apriso\", \"versions\": [{\"status\": \"affected\", \"version\": \"Release 2020 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Release 2020 SP4\"}, {\"status\": \"affected\", \"version\": \"Release 2021 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Release 2021 SP3\"}, {\"status\": \"affected\", \"version\": \"Release 2022 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Release 2022 SP3\"}, {\"status\": \"affected\", \"version\": \"Release 2023 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Release 2023 SP3\"}, {\"status\": \"affected\", \"version\": \"Release 2024 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Release 2024 SP1\"}, {\"status\": \"affected\", \"version\": \"Release 2025 Golden\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"Release 2025 SP1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f5a594e6-46a7-4e60-8a08-0a786e70e433\", \"shortName\": \"3DS\", \"dateUpdated\": \"2025-08-04T09:14:08.343Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-6204\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-04T15:50:49.434Z\", \"dateReserved\": \"2025-06-17T14:03:08.909Z\", \"assignerOrgId\": \"f5a594e6-46a7-4e60-8a08-0a786e70e433\", \"datePublished\": \"2025-08-04T09:14:08.343Z\", \"assignerShortName\": \"3DS\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.