CVE-2025-6204: CWE-94 Improper Control of Generation of Code ('Code Injection') in Dassault Systèmes DELMIA Apriso

Severity: High
Tags: Vulnerability, CVE-2025-6204, CWE-94
Published: Mon Aug 04 2025 (08/04/2025, 09:14:08 UTC)
Source: CVE Database V5
Vendor/Project: Dassault Systèmes
Product: DELMIA Apriso

Description

An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

AI-Powered Analysis

Last updated: 08/04/2025, 09:47:51 UTC

Technical Analysis

CVE-2025-6204 is a high-severity code injection vulnerability (CWE-94) in Dassault Systèmes DELMIA Apriso, affecting Release 2020 Golden through Release 2025 Golden. DELMIA Apriso is a manufacturing operations management (MES/MOM) platform used in industrial automation and production environments. The weakness is improper control over code generated by the application: input that a privileged user can influence is assembled into, and executed as, code. According to the CVSS 3.1 vector, the attacker needs network access (AV:N) and high privileges (PR:H), no user interaction is required (UI:N), and attack complexity is high (AC:H), so some non-trivial precondition must hold beyond merely holding a privileged account. The impact is high on confidentiality, integrity and availability (C:H/I:H/A:H), and the scope is changed (S:C): the effects are not confined to the vulnerable component, which for a server-side code injection generally means the underlying application host, so a successful exploit can amount to full compromise of that system. The public description does not name the affected component or the injection point. No exploitation in the wild has been reported, and no patch has been publicly linked yet.

For environments that rely on DELMIA Apriso to drive production, arbitrary code execution on the MES tier is a critical concern: it could halt or corrupt production lines, expose sensitive operational data, and give an attacker a foothold from which to pivot into the wider enterprise or OT network.

Potential Impact

For European organizations, especially in the manufacturing, automotive, aerospace and broader industrial sectors where DELMIA Apriso is deployed, this vulnerability poses a significant risk. Exploitation could cause operational downtime, loss of intellectual property, and potential safety hazards if manipulated MES data or commands propagate to downstream control systems. The high impact on confidentiality, integrity and availability means an attacker could steal production data, alter manufacturing processes, or cause denial of service. Given Europe's strong manufacturing base and reliance on digital industrial solutions, an outage or integrity failure at the MES tier could disrupt supply chains and cause economic damage. The changed scope also means a compromise need not stop at the application: the attacker gains a position from which to move laterally into other networked systems, widening the enterprise impact.

Mitigation Recommendations

Organizations should immediately inventory their DELMIA Apriso deployments and identify instances on Release 2020 through Release 2025. Although no patch is currently linked, engage Dassault Systèmes for official security updates or workarounds. Because exploitation requires high privileges (PR:H), the most effective interim control is to reduce and tightly govern the set of accounts holding administrative or configuration roles in Apriso (remove dormant accounts, review role assignments, require strong authentication) and to monitor those accounts' activity closely. Restrict network access to Apriso servers to trusted hosts and management networks, placing them in segmented zones with strict firewall rules. Deploy an application-layer firewall or intrusion detection capable of flagging code-injection patterns in requests, and consider virtual patching where a suitable signature becomes available. Regularly audit application and host logs for signs of attempted exploitation, such as unexpected child processes spawned by the Apriso application service. Finally, maintain an incident response plan that covers compromise of manufacturing systems so that operational disruption is minimized.

Technical Details

Data Version: 5.1
Assigner Short Name: 3DS
Date Reserved: 2025-06-17T14:03:08.909Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68907e6ead5a09ad00dfb9c3

Added to database: 8/4/2025, 9:33:34 AM

Last enriched: 8/4/2025, 9:47:51 AM

Last updated: 8/4/2025, 12:39:52 PM
