Critical Vulnerability CVE-2025-5086 in DELMIA Apriso Actively Exploited; CISA Raises Alarm
On September 12, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) elevated concerns regarding a serious security vulnerability in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software by adding it to its Known Exploited Vulnerabilities (KEV) catalog. This decision follows emerging evidence indicating that the flaw, designated as CVE-2025-5086, is currently being exploited in the wild. The vulnerability has been assigned a high Common Vulnerability Scoring System (CVSS) score of 9.0 out of 10.0, highlighting its critical nature.
According to Dassault, this vulnerability affects versions of DELMIA Apriso from Release 2020 to Release 2025. CISA’s advisory specifies that the issue is a deserialization of untrusted data flaw, which could allow malicious actors to achieve remote code execution on affected systems. Such a breach poses significant risks to the integrity and security of manufacturing operations that rely on this software.
The impetus for CISA’s warning can be traced back to reports from the SANS Internet Storm Center, which noted attempts to exploit this vulnerability originating from an IP address traced to Mexico. These attacks involved the submission of an HTTP request targeting a specific service within the software infrastructure, highlighting the evolving tactics employed by cyber adversaries.
In evaluating the attack vector of CVE-2025-5086, it is imperative to consider the potential MITRE ATT&CK tactics that may have been leveraged. Initial access techniques could include exploiting the vulnerability to gain a foothold within the target environment, while subsequent actions may involve persistence strategies to maintain access. Privilege escalation could also be a key concern, allowing attackers to secure higher-level permissions following their initial exploitation.
Organizations utilizing DELMIA Apriso are strongly urged to assess their version of the software and implement available patches to mitigate any risks associated with this vulnerability. As the cybersecurity landscape continues to evolve, staying vigilant and informed remains crucial for business owners. The proactive identification and remediation of vulnerabilities like CVE-2025-5086 are essential in safeguarding critical infrastructure against sophisticated cyber threats.
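One way to carry out the version assessment described above is to match an asset inventory against the KEV entry and the affected release range. The following is an added example, not code from CISA or Dassault Systèmes; the inventory, hostnames, version strings and status labels are constructed, and the KEV record is a trimmed sample in the shape of CISA's JSON feed.

```python
import json
import re

# Constructed record in the shape of CISA's KEV JSON feed. cveID, product and
# dateAdded follow the article; the remaining KEV fields are omitted.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-5086", "product": "DELMIA Apriso", "dateAdded": "2025-09-12"},
]})

# Affected range as stated in the article: Release 2020 through Release 2025.
AFFECTED_RELEASES = {"CVE-2025-5086": (2020, 2025)}

# Constructed asset inventory; hostnames and version strings are hypothetical.
INVENTORY = [
    {"host": "mes-plant-01", "product": "DELMIA Apriso", "version": "Release 2022 SP1"},
    {"host": "mes-plant-02", "product": "delmia apriso", "version": "Release 2019"},
    {"host": "mes-lab-03", "product": "DELMIA Apriso", "version": "unknown"},
    {"host": "erp-01", "product": "Other ERP", "version": "Release 2023"},
]

def release_year(version):
    """Pull a four-digit release year out of a free-form version string."""
    m = re.search(r"(?<!\d)(20\d{2})(?!\d)", version)
    return int(m.group(1)) if m else None

def triage(kev_json, inventory, affected=AFFECTED_RELEASES):
    """Return (host, cveID, status) for every asset running a KEV-listed product."""
    findings = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        bounds = affected.get(entry["cveID"])
        if bounds is None:
            continue  # no release range recorded for this KEV entry
        lo, hi = bounds
        for asset in inventory:
            if asset["product"].casefold() != entry["product"].casefold():
                continue
            year = release_year(asset["version"])
            if year is None:
                status = "review"  # an unknown version is never treated as safe
            elif lo <= year <= hi:
                status = "in_affected_range"  # still confirm the patch level
            else:
                status = "outside_stated_range"
            findings.append((asset["host"], entry["cveID"], status))
    return findings

if __name__ == "__main__":
    for host, cve, status in triage(KEV_SAMPLE, INVENTORY):
        print(f"{host}\t{cve}\t{status}")
```

A host reported as in_affected_range may already carry the vendor fix, so that status is a prompt to verify the installed patch level rather than proof of exposure.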
In summary, this recent development serves as a stark reminder of the vulnerabilities that can exist within operational software, posing substantial risks not only to individual organizations but potentially affecting broader supply chains and industry sectors. Business owners are advised to remain aware of such vulnerabilities, particularly those that have been recognized by regulatory bodies like CISA, to ensure the continued security of their operations.