Concise Cyber

CISA Confirms Critical Dassault and XWiki Flaws Are Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new critical vulnerabilities affecting products from Dassault Systèmes and XWiki to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that both security flaws are being actively exploited in real-world attacks.

Inclusion in the KEV catalog serves as an official alert to federal agencies and private organizations about the immediate and ongoing threats posed by these vulnerabilities. CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary patches by a specified deadline to secure their networks against these confirmed exploits.

Dassault Systèmes RCE Flaw Exploited

The first vulnerability noted by CISA impacts Dassault Systèmes’ CATIA, DELMIA, and ENOVIA V5-6R2022 product line. This critical flaw allows for remote code execution (RCE), enabling attackers to run arbitrary code on affected systems. The presence of this vulnerability in the KEV catalog confirms that threat actors have developed and are using exploits to compromise systems running the vulnerable software. Organizations using these specific Dassault products are advised to prioritize the installation of security updates provided by the vendor.

XWiki Privilege Escalation and RCE Under Attack

The second vulnerability added to the KEV catalog affects the XWiki open-source collaboration platform. This security flaw permits privilege escalation and remote code execution. Attackers are leveraging this vulnerability to gain elevated permissions on a target XWiki instance, which can then be used to execute unauthorized commands. The active exploitation of this flaw poses a significant risk to data integrity and system control for users of the platform. XWiki has released patches, and administrators are urged to update their installations immediately to prevent compromise.

Source: https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html