An Improper Control of Generation of Code (code injection / file upload → RCE) vulnerability affecting DELMIA Apriso (Release 2020 → Release 2025). When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place executable artifacts into web-served locations (via path traversal or insufficient normalization) and achieve remote code execution under the webserver context.
id: CVE-2025-6204
info:
name: DELMIA Apriso - Command Injection
author: iamnoooob,rootxharsh,pa
...