Critical Vulnerability in DELMIA Apriso Factory Software Exploited in Attacks

Cybersecurity authorities have raised alarms over a critical vulnerability affecting DELMIA Apriso, a widely used factory software developed by Dassault Systèmes. This manufacturing operations management (MOM) and manufacturing execution system (MES) is employed across North America, Europe, and Asia in industries such as aerospace, automotive, high-tech, and industrial equipment.

The flaw, tracked as CVE-2025-5086 and assigned a CVSS score of 9.0, involves the deserialization of untrusted data, which could allow attackers to achieve remote code execution (RCE). The vulnerability affects DELMIA Apriso versions released between 2020 and 2025. Although the bug was publicly disclosed in June, few technical details were released beyond the fact that it could be exploited.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming that it has been actively targeted in the wild. Federal agencies are required to patch the flaw by October 2 as part of the Binding Operational Directive (BOD) 22-01.

Independent researchers, including Johannes Ullrich from the SANS Internet Storm Center, have reported attempts to exploit this deserialization flaw. Observed attack traffic included encoded strings that decoded into a compressed Windows executable, which bypassed VirusTotal detection but was flagged as malicious by Hybrid Analysis. These requests may have originated from automated vulnerability scanners.

Due to DELMIA Apriso’s critical role in connecting factory systems with ERP platforms, unpatched installations could expose industrial environments to significant operational and security risks. Organizations using the software are strongly advised to implement the patch immediately and review their monitoring systems for signs of attempted exploitation.

Source: https://www.securityweek.com/delmia-factory-software-vulnerability-exploited-in-attacks