Hackers Dig for Digital Gold: Critical Vulnerabilities in DELMIA Apriso and XWiki Under Siege!
Threat actors are having a field day exploiting security flaws in Dassault Systèmes DELMIA Apriso and XWiki. While DELMIA Apriso flaws could lead to unauthorized access, XWiki’s vulnerability is being used in a two-stage attack to mine cryptocurrency. Stay updated, because when it comes to cyber threats, ignorance isn’t bliss—it’s just an invitation!

Hot Take:
Looks like the latest trend in cybersecurity is turning software vulnerabilities into a full-blown buffet for hackers. From poor DELMIA Apriso being served with a side order of privileged access to XWiki’s eval injection being the main course of a two-stage attack feast, it’s a hacker’s world and we’re just living in it!

Key Points:
- Multiple security flaws are actively exploited in Dassault Systèmes DELMIA Apriso and XWiki.
- CVE-2025-6204 and CVE-2025-6205 affect DELMIA Apriso and can lead to code execution and privileged access.
- CVE-2025-24893 affects XWiki, allowing arbitrary remote code execution, used in a two-stage attack.
- VulnCheck detected exploitation targeting XWiki, linked to a crypto-mining campaign from Vietnam.
- Users are advised to update systems promptly, with deadlines for remediation set for certain agencies.
