Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack

The Hacker News by The Hacker News
October 29, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Oct 29, 2025Ravie LakshmananVulnerability / Malware

Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck.

The vulnerabilities are listed below –

  • CVE-2025-6204 (CVSS score: 8.0) – A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to execute arbitrary code.
  • CVE-2025-6205 (CVSS score: 9.1) – A missing authorization vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to gain privileged access to the application.
  • CVE-2025-24893 (CVSS score: 9.8) – An improper neutralization of input in a dynamic evaluation call (aka eval injection) in XWiki that could allow any guest user to perform arbitrary remote code execution through a request to the “/bin/get/Main/SolrSearch” endpoint.

Both CVE-2025-6204 and CVE-2025-6205 affect DELMIA Apriso versions from Release 2020 through Release 2025. They were addressed by Dassault Systèmes in early August.

DFIR Retainer Services

Interestingly, the addition of the two shortcomings to the Known Exploited Vulnerabilities (KEV) catalog comes a little over a month after CISA flagged the exploitation of another critical flaw in the same product (CVE-2025-5086, CVSS score: 9.0), a week after the SANS Internet Storm Center detected in-the-wild attempts. It’s currently not known if these efforts are related.

VulnCheck, which detected exploitation attempts targeting CVE-2025-24893, said the vulnerability is being abused as part of a two-stage attack chain that delivers a cryptocurrency miner. According to CrowdSec and Cyble, the vulnerability is said to have been weaponized in real-world attacks as far back as March 2025.

“We observed multiple exploit attempts against our XWiki canaries coming from an attacker geolocated in Vietnam,” VulnCheck’s Jacob Baines said. “The exploitation proceeds in a two-pass workflow separated by at least 20 minutes: the first pass stages a downloader (writes a file to disk), and the second pass later executes it.”

The payload uses wget to retrieve a downloader (“x640”) from “193.32.208[.]24:8080” and write it to the “/tmp/11909” location. The downloader, in turn, runs shell commands to fetch two additional payloads from the same server –

  • x521, which fetches the cryptocurrency miner located at “193.32.208[.]24:8080/rDuiQRKhs5/tcrond”
  • x522, which kills competing miners such as XMRig and Kinsing, and launches the miner with a c3pool.org configuration

The attack traffic, per VulnCheck, originates from an IP address that geolocates to Vietnam (“123.25.249[.]88“) and has been flagged as malicious in AbuseIPDB for engaging in brute-force attempts as recently as October 26, 2025.

In light of active exploitation, users are advised to apply the necessary updates as soon as possible to safeguard against threats. Several Civilian Executive Branch (FCEB) agencies are required to remediate the DELMIA Apriso flaws by November 18, 2025.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Vintage rail freight system showcases 50-year-old innovation | Computer Weekly

Vintage rail freight system showcases 50-year-old innovation | Computer Weekly

Recommended.

Semiconductor industry calls for more robust, strategic industrial policy

Semiconductor industry calls for more robust, strategic industrial policy

April 20, 2026
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

September 10, 2025

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio