Hackers Are Exploiting a Critical Flaw in DELMIA Factory Software

The US cybersecurity agency, CISA, has issued a warning that hackers are actively exploiting a critical vulnerability in DELMIA Apriso, software used to manage manufacturing operations. The software is developed by the French company Dassault Systèmes and is used in various industries, including aerospace and defense, automotive, and high-tech, across North America, Europe, and Asia.

The security flaw, tracked as CVE-2025-5086, has a critical severity score of 9.0 and is described as a deserialization-of-untrusted-data issue. It impacts DELMIA Apriso versions from 2020 through 2025. Although the vendor publicly disclosed the bug in June, it did not provide technical details, stating only that it could be exploited for remote code execution.

On Thursday, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming that it has been exploited in the wild. The agency has mandated that federal agencies patch the flaw by October 2. CISA has not provided details on the observed attacks and has not confirmed whether the vulnerability has been used in ransomware attacks. 

CISA’s alert comes about a week after a researcher from the SANS Internet Storm Center warned of exploitation attempts targeting the vulnerability. The researcher's analysis of the requests uncovered an encoded executable that did not trigger antivirus detections but was flagged as malicious by other security tools. 

Given the central role DELMIA Apriso plays in connecting factory equipment with ERP systems, organizations are advised to address the exploited vulnerability as soon as possible to prevent potential disruption. 
