CVE-2025-6204 PoC — Dassault Systèmes DELMIA Apriso 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-6204.yaml

Associated Vulnerability

Title:Dassault Systèmes DELMIA Apriso 安全漏洞 (CVE-2025-6204)
Description:Dassault Systèmes DELMIA Apriso是法国达索系统（Dassault Systèmes）公司的一款数字化企业的互动制造应用软件。 Dassault Systèmes DELMIA Apriso 2020至2025版本存在安全漏洞，该漏洞源于代码生成控制不当，可能导致执行任意代码。

Description

An Improper Control of Generation of Code (code injection / file upload → RCE) vulnerability affecting DELMIA Apriso (Release 2020 → Release 2025). When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place executable artifacts into web-served locations (via path traversal or insufficient normalization) and achieve remote code execution under the webserver context.

File Snapshot


 id: CVE-2025-6204

info:
  name: DELMIA Apriso - Command Injection
  author: iamnoooob,rootxharsh,pa

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!