DELMIA Factory Software Vulnerability Exploited in Attacks

Developed by French company Dassault Systèmes, DELMIA Apriso is a manufacturing operations management (MOM) and manufacturing execution system (MES) software designed for managing every detail of the manufacturing process. The software is used in North America, Europe, and Asia, including in the aerospace and defense, automotive, high-tech, and industrial equipment industries.

Tracked as CVE-2025-5086 (CVSS score of 9.0), the security defect is described as a deserialization of untrusted data issue and impacts DELMIA Apriso releases 2020 through 2025.

The bug was publicly disclosed in June, but the vendor’s advisory did not share technical information on it, other than that it could be exploited for remote code execution (RCE).

On Thursday, CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, warning that it has been exploited in the wild and urging federal agencies to patch it by October 2, as mandated by the Binding Operational Directive (BOD) 22-01.

The cybersecurity agency has not provided details on the observed attacks either and did not specify whether CVE-2025-5086 has been exploited in ransomware attacks.
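As an added example (not code from the article, from CISA or from Dassault Systèmes), here is a small Python check a defender can run against the KEV feed to answer the operational questions the two paragraphs above raise: is the CVE in the catalog, when is the BOD 22-01 due date, is it already overdue, and does the entry flag known ransomware use. The embedded feed excerpt is constructed in the layout of CISA's KEV JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json); only the CVE ID, vendor and product names, the affected release range and the October 2 due date come from the article. The `dateAdded` value, the description text and the `"Unknown"` ransomware flag are placeholders for the real entry, and the host inventory is made up.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV feed. Field names match the
# real feed; values other than cveID, vendorProject, product and dueDate are
# placeholders, not CISA's actual entry (assumption).
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "count": 1,
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-5086",
            "vendorProject": "Dassault Systèmes",
            "product": "DELMIA Apriso",
            "vulnerabilityName": "DELMIA Apriso Deserialization of Untrusted Data Vulnerability",
            "dateAdded": "2025-01-01",            # placeholder, not the real date
            "shortDescription": "placeholder description",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-10-02",              # from the article
            "knownRansomwareCampaignUse": "Unknown",  # assumed; article says CISA did not specify
            "notes": "",
            "cwes": ["CWE-502"],                  # CWE for deserialization of untrusted data
        }
    ],
})

# Article: "impacts DELMIA Apriso releases 2020 through 2025".
AFFECTED_APRISO_RELEASES = range(2020, 2026)


def load_kev(feed_json: str) -> dict:
    """Index a KEV feed (the JSON text) by CVE ID."""
    data = json.loads(feed_json)
    return {v["cveID"].upper(): v for v in data["vulnerabilities"]}


def kev_status(feed_json: str, cve_ids, today: date) -> dict:
    """For each CVE: whether it is in KEV, the BOD 22-01 due date, days left
    (negative once overdue), the overdue flag and the ransomware-use field."""
    index = load_kev(feed_json)
    report = {}
    for cve in cve_ids:
        entry = index.get(cve.upper())
        if entry is None:
            report[cve] = {"in_kev": False}
            continue
        due = date.fromisoformat(entry["dueDate"])
        report[cve] = {
            "in_kev": True,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due_date": entry["dueDate"],
            "days_left": (due - today).days,
            "overdue": today > due,
            "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
        }
    return report


def affected_hosts(inventory) -> list:
    """Return hostnames running an affected DELMIA Apriso release.
    inventory: iterable of (hostname, product, release_year)."""
    return [
        host for host, product, release in inventory
        if product == "DELMIA Apriso" and release in AFFECTED_APRISO_RELEASES
    ]


if __name__ == "__main__":
    # Constructed inventory; the hostnames and releases are made up.
    inventory = [
        ("mes-plant-a", "DELMIA Apriso", 2022),
        ("mes-plant-b", "DELMIA Apriso", 2019),   # outside the stated range
        ("erp-core", "Other ERP", 2024),
    ]
    status = kev_status(SAMPLE_KEV_FEED, ["CVE-2025-5086"], date.today())
    print(json.dumps(status, indent=2))
    print("hosts needing the patch:", affected_hosts(inventory))
```

To use it against the live catalog, replace `SAMPLE_KEV_FEED` with the downloaded feed text; the field names are the same. The `days_left` value is what a ticket SLA should key on, and `ransomware_use` is worth surfacing separately because the KEV flag can change from "Unknown" to "Known" after the initial listing.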

CISA’s alert comes roughly one week after Johannes Ullrich of the SANS Internet Storm Center warned of exploitation attempts targeting the vulnerability.

To read the complete article see: DELMIA Factory Software Vulnerability Exploited in Attacks

This post is licensed under CC BY 4.0 by the author.