PT-2025-23551 · Dsi · Delmia Apriso

Hacktron Ai · Published 2025-06-02 · Updated 2025-10-29 · CVE-2025-5086

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DELMIA Apriso versions 2020 through 2025

Description

DELMIA Apriso is affected by a deserialization of untrusted data issue that could lead to remote code execution. This vulnerability is actively exploited and has been observed in attacks utilizing malicious SOAP requests delivering .NET payloads. Exploitation has been traced to Mexico and involves the use of the Trojan.MSIL.Zapchast.gen malware. The vulnerability impacts industries such as aerospace, automotive, manufacturing, and industrial machinery. CISA has added this vulnerability, tracked as CVE-2025-5086, to its Known Exploited Vulnerabilities (KEV) Catalog, requiring federal agencies to patch or mitigate by October 2nd. The vulnerability allows unauthenticated attackers to execute code remotely.

Recommendations

Apply vendor patches for DELMIA Apriso versions 2020 through 2025. Validate deserialized data to prevent malicious payloads from being processed. As a temporary workaround, discontinue usage of DELMIA Apriso versions 2020 through 2025 if a patch is unavailable.

Exploit

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2025-06367
CVE-2025-5086

Affected Products

Delmia Apriso