
September 12, 2025

CISA warns of exploited flaw in DELMIA Apriso manufacturing software


On September 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-5086 to its Known Exploited Vulnerabilities catalog, confirming that the flaw is being actively targeted in the wild.

CVE-2025-5086 is a critical remote code execution vulnerability in DELMIA Apriso, a manufacturing operations management platform developed by Dassault Systèmes SE, a French software company specializing in 3D design, simulation, and industrial solutions.

The vulnerability affects deployments across manufacturing, logistics, and industrial automation environments, where DELMIA Apriso is often integrated with enterprise resource planning and supervisory control systems.

The flaw, patched by Dassault Systèmes on June 2, 2025, impacts DELMIA Apriso versions from Release 2020 through Release 2025. It stems from deserialization of untrusted data, meaning the system processes data from unknown or untrusted sources in a way that lets a threat actor run malicious code.

The vulnerability is remotely exploitable without authentication and has been assigned a CVSS rating of 9.0, indicating critical severity. If successfully exploited, it could lead to full compromise of factory control systems.

On September 3, the SANS Internet Storm Center reported observing real-world exploitation attempts targeting this vulnerability. Threat actors have been sending malicious network requests to exposed web service endpoints in DELMIA Apriso, attempting to trigger remote code execution by exploiting how the system handles incoming serialized data.

This confirms that CVE-2025-5086 is being actively exploited over the network, without requiring prior access, making it a high-risk vector for industrial environments.


Analyst insight

For organizations running DELMIA Apriso, especially those with internet-facing components, this vulnerability presents a serious operational risk. Because it can be exploited remotely without authentication to execute code, it is a high-value target for threat actors seeking access to operational technology networks.

Exploitation could disrupt manufacturing operations, lead to exfiltration of sensitive production data, or enable lateral movement into enterprise systems.

Organizations should apply the vendor-provided patches immediately across all affected systems. Where patching is not feasible, temporary mitigations include isolating vulnerable systems from external access and enforcing strict network segmentation.

Security teams should monitor for anomalous activity, audit access logs, and implement application-layer controls to detect and block exploit attempts.