CVE-2025-6205 PUBLISHED

Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025

Assigner: 3DS
Reserved: 17.06.2025 Published: 04.08.2025 Updated: 04.08.2025

A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 9.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Dassault Systèmes
Product	DELMIA Apriso
Versions	Default: unaffected affected from Release 2020 Golden to Release 2020 SP4 (incl.) affected from Release 2021 Golden to Release 2021 SP3 (incl.) affected from Release 2022 Golden to Release 2022 SP3 (incl.) affected from Release 2023 Golden to Release 2023 SP3 (incl.) affected from Release 2024 Golden to Release 2024 SP1 (incl.) affected from Release 2025 Golden to Release 2025 SP1 (incl.)

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205

Problem Types

CWE-862 Missing Authorization CWE