The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with security researchers at VulnCheck, has issued alerts confirming that threat actors are actively exploiting multiple critical vulnerabilities in products from Dassault Systèmes and XWiki. The confirmations highlight an immediate and ongoing threat to users of the affected software platforms, prompting official warnings for organizations to take defensive measures.
Dassault DELMIA Apriso Flaws Under Attack
Two significant vulnerabilities impacting Dassault Systèmes’ DELMIA Apriso manufacturing operations management software are being leveraged in active attacks. The first flaw, identified as CVE-2025-6204, is a code injection vulnerability with a CVSS score of 8.0. According to the advisory, this vulnerability allows an attacker to execute arbitrary code on a targeted system. The second, CVE-2025-6205, is a more severe missing authorization vulnerability with a CVSS score of 9.1. Exploitation of this flaw allows an attacker to gain privileged access to the application. The identified vulnerabilities affect DELMIA Apriso versions from Release 2020 through Release 202…
Critical 9.8 CVSS XWiki Vulnerability Exploited
A critical remote code execution (RCE) vulnerability in the XWiki open-source platform is also confirmed to be under active exploitation. Tracked as CVE-2025-24893, this flaw carries a critical CVSS score of 9.8, reflecting its extreme severity. The vulnerability is an improper neutralization of input in a dynamic evaluation call, also known as an “eval injection.” This security gap allows any unauthenticated guest user to perform arbitrary remote code execution by sending a specially crafted request to the “/bin/get/Main/SolrSearch” endpoint. The active exploitation of such a high-impact flaw presents a severe risk to publicly accessible XWiki instances.
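As an added triage aid (not from the article or the XWiki project), the script below parses combined-format web server access log lines, URL-decodes each request path, and lists every request that reached the `/bin/get/Main/SolrSearch` endpoint named above, grouped by source address. The log lines, addresses and query values are constructed samples; the script flags endpoint hits only and makes no claim about which requests carried an exploit, since the article gives no payload details.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit, parse_qs

# Endpoint named in the advisory text; hits here deserve a closer look.
VULN_PATH = "/bin/get/Main/SolrSearch"

# Combined log format: ip ident user [timestamp] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (addresses from documentation ranges, not real hosts).
SAMPLE_LOG = """\
198.51.100.10 - - [30/Oct/2025:10:01:02 +0000] "GET /bin/view/Main/WebHome HTTP/1.1" 200 5120
203.0.113.7 - - [30/Oct/2025:10:01:05 +0000] "GET /bin/get/Main/SolrSearch?text=test HTTP/1.1" 200 731
203.0.113.7 - - [30/Oct/2025:10:01:09 +0000] "GET /bin/get/Main/%53olrSearch/?text=again HTTP/1.1" 200 731
198.51.100.10 - - [30/Oct/2025:10:02:00 +0000] "GET /bin/view/Main/SolrSearch?text=hello HTTP/1.1" 200 9001
"""

def parse_line(line):
    """Return a dict for one access log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = unquote(url.path)      # decode %XX so encoded variants still match
    rec["params"] = parse_qs(url.query)  # kept for the analyst, not used for matching
    return rec

def is_solrsearch_hit(rec):
    """True when the decoded path is the SolrSearch 'get' endpoint."""
    # Second unquote catches double-encoded paths; trailing slash is tolerated.
    path = unquote(rec["path"]).rstrip("/")
    return path == VULN_PATH

def find_hits(lines):
    """Return the parsed records that hit the endpoint, in log order."""
    return [rec for rec in map(parse_line, lines) if rec and is_solrsearch_hit(rec)]

def summarize(hits):
    """Count endpoint hits per source address for triage."""
    return Counter(h["ip"] for h in hits)

if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG.splitlines())
    for ip, n in summarize(hits).most_common():
        print(f"{ip}: {n} request(s) to {VULN_PATH}")
```

Requests to the `/bin/view/...` rendering of the same page are deliberately not flagged, so review the endpoint hits alongside the rest of each source's activity before drawing conclusions.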
CISA has added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. This action underscores the urgency for system administrators to prioritize patching and mitigation efforts according to vendor advisories to protect their networks from these ongoing attacks.
Source: https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html