CVE-2025-6204 is a code injection vulnerability classified under CWE-94, affecting Dassault Systèmes DELMIA Apriso software versions from Release 2020 Golden through Release 2025 Golden. DELMIA Apriso is a manufacturing operations management platform widely used in industrial environments to optimize production processes. The vulnerability arises from improper control over code generation, allowing an attacker to inject and execute arbitrary code within the context of the application. According to the CVSS 3.1 vector (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), exploitation requires network access, high attack complexity, and high privileges, but no user interaction. The scope is changed, indicating that exploitation can affect resources beyond the initially vulnerable component. Successful exploitation can lead to full compromise of confidentiality, integrity, and availability of the affected system, potentially disrupting manufacturing operations or enabling further lateral movement within the network. No public exploits are known at this time, but the severity and potential impact warrant immediate attention. The lack of published patches at the time of disclosure means organizations must rely on compensating controls until updates are available.

For European organizations, especially those in manufacturing, automotive, aerospace, and industrial sectors, this vulnerability poses a significant risk. DELMIA Apriso is integral to production workflows, and arbitrary code execution could lead to operational disruptions, intellectual property theft, or sabotage. The impact extends beyond IT systems to physical production lines, potentially causing financial losses and safety hazards. Given Europe's strong industrial base and reliance on Dassault Systèmes products, the threat could affect supply chains and critical infrastructure. The high severity score reflects the potential for widespread damage if exploited, including data breaches and prolonged downtime. Organizations with interconnected OT and IT environments are particularly vulnerable, as attackers could pivot from compromised DELMIA Apriso instances to other critical systems.

1. Monitor Dassault Systèmes communications closely for official patches and apply them promptly once released. 2. Until patches are available, enforce strict network segmentation to isolate DELMIA Apriso servers from general IT networks and limit exposure to trusted administrators only. 3. Implement robust access controls and multi-factor authentication for all accounts with high privileges on DELMIA Apriso systems. 4. Conduct regular audits of user privileges and remove unnecessary administrative rights. 5. Employ application whitelisting and runtime application self-protection (RASP) where possible to detect and block unauthorized code execution. 6. Monitor network traffic and system logs for unusual activities indicative of code injection attempts or lateral movement. 7. Educate operational technology and IT teams about the vulnerability and response procedures. 8. Develop and test incident response plans specific to industrial control system compromises.