Threat actors are taking advantage of security holes in XWiki and Dassault Systèmes DELMIA Apriso. Alerts have been released by VulnCheck and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The following is a list of the vulnerabilities. To protect against threats, users are urged to install the required updates as soon as possible. By November 18, 2025, a number of Federal Civilian Executive Branch (FCEB) organizations must address the DELMIA Apriso defects.
According to reports, the vulnerability was used as a weapon in actual attacks as early as March 2025.
As of right now, it is unknown whether these efforts are connected. According to VulnCheck, the attack traffic comes from an IP address that geolocates to Vietnam ("123.25.249[.]88") and has been marked as malicious in AbuseIPDB for participating in brute-force attempts as recently as October 26, 2025.
The two flaws were added to the Known Exploited Vulnerabilities (KEV) catalog a week after the SANS Internet Storm Center discovered in-the-wild attempts to exploit CVE-2025-6205, and slightly more than a month after CISA reported the exploitation of another critical flaw in the same product (CVE-2025-5086, CVSS score: 9.0).
They were addressed by Dassault Systèmes in early August and affect versions from Release 2020 through Release 2025.











