Critical Infrastructure Security
CISA Says Hackers Actively Exploit Manufacturing Operations Management Platform
Software made by a French multinational that’s used to manage manufacturing across the globe is under active attack, warned the Cybersecurity Infrastructure and Security Agency in the second such warning in two months.
See Also: The Rise of Agentic Commerce: Building Secure, Trusted Payments for the AI-Driven Economy
Hackers are exploiting two vulnerabilities in the Delmia Apriso manufacturing operations management software made by Dassault Systems, CISA said Tuesday. Tracked as CVE-2025-6204 and CVE-2025-6205, the vulnerabilities received patches from Dassault in August.
CVE-2025-6204 is a code injection flaw that, if executed properly, could allow an attacker to input arbitrary code. CVE-2025-6205 is a missing authorization vulnerability that could grant attackers privileged access.
CISA in September warned that hackers were exploiting a separate deserialization of an untrusted data vulnerability flaw in Delmia Apriso software tracked as CVE-2025-5086. Dassault published a patch in June.
That flaw came to public attention after Sans Institute researcher Johannes Ullrich spotted hackers using it to download fwitxz01.dll, a file flagged as malicious by some antivirus firms. Kaspersky classifies the file as Trojan.MSIL.Zapchast.gen, spyware that includes a key logger and that can take screenshots.
Delmia Apriso software controls a manufacturer’s physical processes, meaning successful exploitation of the flaws could easily lead to data theft, production setbacks or disruptions, supply chain impacts and equipment failures. Users of the software include U.S. defense manufactures such as RTX and Lockheed Martin. Cosmetics firm L’Oréal is a customer, as is household appliance maker Electrolux and aerospace manufacture Spirit AeroSystems.
