Full Report
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. [...]
Analysis Summary
# Vulnerability: Dassault DELMIA Apriso Remote Code Execution (RCE)
## CVE Details
- CVE ID: CVE-2025-5086
- CVSS Score: 9.0 (Critical)
- CWE: Deserialization of Untrusted Data
## Affected Systems
- Products: Dassault Systèmes DELMIA Apriso (Manufacturing Operations Management/Execution solution)
- Versions: Release 2020 through Release 2025 (All versions within this range)
- Configurations: Systems running vulnerable versions accessible via network endpoints processing SOAP requests.
## Vulnerability Description
The vulnerability is a critical deserialization of untrusted data flaw in DELMIA Apriso that can allow Remote Code Execution (RCE). An attacker exploits it by sending a specially crafted SOAP request to a vulnerable endpoint; when the endpoint deserializes the request, the malicious data embedded in it is executed.
## Exploitation
- Status: Actively exploited in the wild (Added to CISA KEV catalog)
- Complexity: Not explicitly detailed in the source. RCE vulnerabilities are generally considered high impact, and the observed exploit involves crafted SOAP requests.
- Attack Vector: Network
## Impact
- Confidentiality: High (Implied by RCE)
- Integrity: High (Implied by RCE)
- Availability: High (Implied by RCE)
## Remediation
### Patches
- The vendor disclosed the issue on June 2, 2025. Specific patch versions are not detailed in the source, but users must apply the vendor's available security updates for versions supporting Release 2025 and newer.
### Workarounds
- Organizations should review vendor advisories for recommended mitigations if immediate patching is not possible, especially given CISA's binding mandate for federal agencies by October 2, 2025.
## Detection
- Indicators of compromise include observation of malicious SOAP requests targeting vulnerable endpoints.
- Detection methods should focus on network traffic analysis for abnormal SOAP requests containing embedded payloads, particularly those attempting to initiate remote execution after deserialization.
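
One way to triage captured SOAP request bodies for the embedded payloads described above. This is an added example, not code from the vendor, CISA or SANS; the page gives no endpoint or payload details, so the thresholds, element names and sample requests are constructed assumptions.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Assumed thresholds for this sketch; tune them against baseline traffic.
MIN_B64_LEN = 200           # ignore short tokens such as IDs
MAX_PRINTABLE_RATIO = 0.85  # decoded data below this is treated as binary
B64_RUN = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_B64_LEN)

def printable_ratio(data: bytes) -> float:  # share of printable ASCII bytes
    if not data:
        return 1.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def inspect_soap_body(body: str) -> list:
    """Return triage findings for one captured SOAP request body."""
    # SOAP forbids a DTD; flag it and skip parsing (avoids entity expansion).
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return ["dtd-present"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = []
    for elem in root.iter():
        text = "".join((elem.text or "").split())  # drop line wrapping
        for match in B64_RUN.finditer(text):
            blob = match.group(0)
            try:
                decoded = base64.b64decode(blob + "=" * (-len(blob) % 4))
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            if printable_ratio(decoded) < MAX_PRINTABLE_RATIO:
                tag = elem.tag.split("}")[-1]  # strip XML namespace
                findings.append(f"binary-blob:{tag}:{len(decoded)}")
    return findings

# Constructed samples; element names Submit/Data/OrderId are hypothetical.
ENVELOPE = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            "<s:Body><Submit>{}</Submit></s:Body></s:Envelope>")
BENIGN = ENVELOPE.format("<OrderId>A-1001</OrderId>")
TEXT_B64 = ENVELOPE.format(
    "<Data>" + base64.b64encode(b"routine operator note. " * 20).decode() + "</Data>")
BINARY_B64 = ENVELOPE.format(
    "<Data>" + base64.b64encode(bytes(range(256)) * 2).decode() + "</Data>")

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("text", TEXT_B64), ("binary", BINARY_B64)):
        print(name, inspect_soap_body(body))
```

Legitimate integrations may also send base64 attachments, so treat a finding as a triage signal to correlate with the requesting host and endpoint, not as proof of exploitation.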
## References
- Vendor Security Advisory: hxxps://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086
- SANS ISC Disclosure: hxxps://isc.sans.edu/diary/Exploit+Attempts+for+Dassault+DELMIA+Apriso+CVE20255086/32256/
- CISA KEV Update: hxxps://www.cisa.gov/news-events/alerts/2025/09/11/cisa-adds-one-known-exploited-vulnerability-catalog