Deserialization Vulnerability in DELMIA Apriso by Dassault Systèmes
CVE-2025-5086

9CRITICAL

Key Information:

Vendor

Dassault Systèmes

Status
Delmia Apriso
Vendor
CVE Published:
2 June 2025

Badges

📈 Score: 1,060👾 Exploit Exists🟣 EPSS 42%🦅 CISA Reported📰 News Worthy

What is CVE-2025-5086?

CVE-2025-5086 is a serious vulnerability found in DELMIA Apriso, a software suite developed by Dassault Systèmes that is primarily used for manufacturing and operational processes. This software facilitates real-time monitoring and management of production activities, enabling organizations to improve operational efficiency and adapt to changing market conditions. The identified deserialization vulnerability poses a risk of remote code execution by allowing untrusted data to be processed inappropriately. If exploited, this vulnerability could enable attackers to execute arbitrary code on the server, leading to severe consequences for affected organizations.

Potential impact of CVE-2025-5086

  1. Remote Code Execution: The primary impact of CVE-2025-5086 is the potential for remote code execution. Attackers could gain control over the affected system, leading to unauthorized access to sensitive data, installation of malicious software, or further infiltration into the organizational network.

  2. Operational Disruption: Exploitation of this vulnerability could significantly disrupt manufacturing operations. Unauthorized modifications or control of the software could halt production processes, compromise data integrity, and affect supply chain management, ultimately impacting business continuity.

  3. Data Breach Risks: With the ability to execute code remotely, attackers could potentially extract sensitive information, including proprietary data and customer information. This could result in data breaches, regulatory penalties, and damage to the organization’s reputation, leading to loss of customer trust and financial repercussions.

CISA has reported CVE-2025-5086

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-5086 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

DELMIA Apriso Release 2020 Golden

DELMIA Apriso Release 2021 Golden

DELMIA Apriso Release 2022 Golden

News Articles

favicon imageBleepingComputer

CISA warns of actively exploited Dassault RCE vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a  manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes.

favicon imageThe Hacker News

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

CISA added CVE-2025-5086 to KEV after active Apriso exploitation; agencies must patch by Oct 2, 2025.

References

https://www.3ds.com/vulnerability/advisories

EPSS Score

42% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 📰

    First article discovered by The Hacker News

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hacktron AI
JSON
.