A critical remote code execution vulnerability (CVE-2025-5086) has been identified in Dassault Systèmes’ DELMIA Apriso, affecting manufacturing and industrial systems worldwide. Active exploitation attempts have been observed, prompting urgent security updates for affected organizations. #CVE-2025-5086 #DassaultSystèmes #DELMIAApriso #CISA
Keypoints
- The vulnerability CVE-2025-5086 affects all versions of DELMIA Apriso from 2020 to 2025.
- Exploitation involves malicious SOAP requests that execute embedded GZIP-compressed .NET payloads.
- Active hacking attempts have been traced to IP address 156.244.33[.]162.
- CISA has added the vulnerability to the Known Exploited Vulnerabilities list and warns for urgent patching.
- Organizations are advised to apply updates or disable DELMIA Apriso by October 2 to mitigate risks.