A critical vulnerability in Dassault Systèmes' DELMIA Apriso software, tracked as CVE-2025-5086, is being actively exploited in the wild, prompting urgent warnings from cybersecurity authorities. The flaw, which has been assigned a CVSS score of 9, is a deserialization of untrusted data vulnerability (CWE-502) that could allow attackers to execute arbitrary code remotely. This vulnerability affects DELMIA Apriso versions from Release 2020 through Release 2025.
The vulnerability was publicly disclosed on June 2, 2025, and has since been added to CISA's Known Exploited Vulnerabilities (KEV) catalog as of September 11, 2025. The inclusion in the KEV list underscores the critical nature of the flaw and the need for immediate attention from organizations using the affected software. The Exploit Prediction Scoring System (EPSS) has assigned it a score of 0.441, indicating a significant likelihood of exploitation.
CVE-2025-5086 allows attackers to exploit the deserialization process in DELMIA Apriso, leading to potential remote code execution. This could enable attackers to gain unauthorized access to systems, deploy malware, or disrupt operations. Given the criticality of the systems that DELMIA Apriso typically manages—often involved in manufacturing and supply chain operations—the impact of such an exploit could be substantial.
The vulnerability has been exploited in the wild within approximately 100 days of its disclosure, highlighting the rapid pace at which threat actors are leveraging this flaw. The Security Severity Vulnerability Classification (SSVC) has marked this as "attend," indicating that organizations should prioritize addressing this vulnerability.
Organizations using DELMIA Apriso are urged to implement mitigation strategies immediately. While Dassault Systèmes has not yet released a patch, users should apply any available workarounds and monitor their systems for unusual activity. Additionally, network segmentation and strict access controls can help limit the potential impact of an exploit.
CISA's warning emphasizes the urgency of addressing this vulnerability, particularly given its active exploitation status. Organizations should ensure that their security teams are aware of the threat and are taking appropriate measures to protect their systems. Regular updates from Dassault Systèmes should be monitored for any new developments or official patches.
CSURFACE