CVE-2025-5086 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-06-02

Added to CISA KEV: 2025-09-11 101 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
Apply vendor patches immediately for all internet-facing DELMIA Apriso instances
Implement network segmentation to restrict internet access if possible
Monitor for deserialization attack patterns and unusual network traffic to DELMIA Apriso services
CRITICAL patch priority - treat as emergency due to active exploitation

🔍 Web Intelligence (Kagi · 2025-09-11)

CVE-2025-5086 is a critical vulnerability affecting Dassault DELMIA Apriso (Release 2020 through 2025) that could lead to remote code execution due to deserialization of untrusted data ^[1]^[2]. Here's a breakdown of what is known about its exploitation:

Affected Applications/Services: DELMIA Apriso is affected by this vulnerability ^[1]^[2].
Internet-Facing: This vulnerability affects internet-facing applications and services ^[3].
Active Exploitation: There have been observed exploit attempts in the wild targeting this vulnerability ^[2]^[4]. However, recent telemetry suggests that exploitation has significantly declined, with attack volumes falling below the long-term average ^[5].
Attack Vectors/Exploitation Methods: The vulnerability is a deserialization issue, meaning it arises from the application's failure to properly validate data received from untrusted sources ^[1]^[2]. Exploitation involves sending malicious serialized data to the DELMIA Apriso application, which, when deserialized, leads to remote code execution ^[1]^[2].
Targeted Attacks: Attackers include both opportunistic and targeted actors, employing reconnaissance and indiscriminate scanning techniques ^[3].
CISA KEV Status: There is no explicit confirmation that CVE-2025-5086 has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog ^[6]^[7].
Technical Details/Internet Exploitability: While the attack complexity is considered high, the fact that it requires no privileges makes it a viable target ^[8]. The more remote an attacker can be (logically and physically), the more severe the vulnerability ^[3]. Successful exploitation could allow attackers to execute arbitrary code remotely without requiring user interaction, potentially leading to complete system compromise ^[9].

Sources

Exploit Attempts for Dassault DELMIA Apriso. CVE-2025- ...
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code ...
Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. Either way, we are seeing exploits for DELMIA Apriso related issues.
A deserialization of untrusted data vulnerability... · CVE-2025-5086...
Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability. · Attack ...
CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso ...
A critical deserialization flaw (CVE-2025-5086) in DELMIA Apriso could allow remote code execution. Exploit attempts have been seen in the ...
DELMIA Apriso - RCE (CVE-2025-5086)
CrowdSec network telemetry also shows that exploitation of CVE-2025-5086 has significantly declined over the past week. Attack volumes are well below the long-term average, suggesting attackers are rapidly losing interest. The vulnerability appears to be falling out of active use across most threat…

🔴 CVE-2025-5086

📋 Vulnerability Details

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-11)

Sources