Delmia Apriso Systems Compromised

Critical Infrastructure Under Siege: CISA Warns of Active Exploits Targeting Manufacturing Software

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a grave warning regarding ongoing cyberattacks targeting a widely utilized manufacturing operations management platform developed by French multinational Dassault Systèmes. This marks the second alert from CISA in just two months, indicating a sustained threat to critical manufacturing systems.

The intelligent manufacturing software, known as Delmia Apriso, is currently facing exploitation through two significant vulnerabilities identified as CVE-2025-6204 and CVE-2025-6205. CISA’s announcement on October 28 reveals that hostile actors are actively taking advantage of these flaws to gain unauthorized access and execute arbitrary code, raising serious concerns about potential data breaches and production disruptions.

CVE-2025-6204 is classified as a code injection vulnerability, which attackers can leverage to insert malicious code into applications. Meanwhile, CVE-2025-6205 involves a missing authorization vulnerability that allows attackers to elevate their privileges significantly, potentially undermining the integrity of the systems involved. Dassault had previously released patches for these vulnerabilities in August, yet the continued exploitation suggests a critical failure in system updating or threat detection among affected users.

In addition, CISA issued an alert last month regarding another vulnerability in the same software, CVE-2025-5086, which involves the deserialization of untrusted data. This issue surfaced when cybersecurity researcher Johannes Ullrich observed malicious activity that led to the download of a file flagged as malicious by several antivirus providers. The threat posed by such exploits is concerning, particularly given that they can enable unauthorized surveillance techniques such as keystroke logging and screen captures.

The implications of these vulnerabilities are far-reaching, given that Delmia Apriso software is integral to controlling manufacturing processes. Successful exploitation could lead to extensive operational setbacks, supply chain disruptions, and even catastrophic equipment failures. Notably, users of Delmia Apriso include prominent U.S. defense contractors such as RTX and Lockheed Martin, as well as major consumer brands like L’Oréal and Electrolux.

For those in the cyber defense community, the incident underscores the critical nature of proactive security measures and the continuous updating of systems. Leveraging frameworks like the MITRE ATT&CK Matrix can assist in identifying the array of tactics and techniques used by adversaries, including initial access through code injection and privilege escalation through missing authorization checks.

To mitigate risks, enterprises utilizing Delmia Apriso must ensure they apply the latest patches and review their security practices urgently. With the stakes so high in manufacturing, where operational integrity is paramount, this alert serves as a stark reminder of the vulnerabilities that can compromise both economic and national security. Business owners must remain vigilant, employing comprehensive cybersecurity strategies to fortify their defenses against evolving threats.
