Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack Threat actors are actively exploiting multiple security flaws impacting Systèmes DELMIA Apriso XWiki, according to alerts issued by the U.S. Cybersecurity Infrastructure Security Agency ( ) VulnCheck . The vulnerabilities listed below - CVE-2025-6204 (CVSS score: 8.0) A code injection vulnerability in that could allow an attacker execute arbitrary code. CVE-2025-6205 9.1) missing authorization gain privileged access application. CVE-2025-24893 9.8) An improper neutralization of input a dynamic evaluation call (aka eval any guest user perform remote execution through request "/bin/get/Main/SolrSearch" endpoint. Both affect versions from Release 2020 202... https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html