Ethical Hacking News
A critical remote code execution flaw in DELMIA Apriso has been identified by CISA, leaving enterprise networks vulnerable to malicious attacks. The vulnerability affects all versions of the software from Release 2020 through Release 2025 and must be addressed by October 2 to prevent exploitation.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the Dassault Remote Code Execution (RCE) vulnerability, leaving enterprise networks vulnerable to malicious attacks. A critical remote code execution flaw in DELMIA Apriso has been identified by CISA, rated with a critical severity score (CVSS v3: 9.0). DELMIA Apriso is widely used in production processes and enterprises worldwide rely on it for high-quality control, traceability, compliance, and process standardization. CISA has given the federal enterprise sector until October 2 to apply available security updates or mitigations, or stop using DELMIA Apriso.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the actively exploited Dassault Remote Code Execution (RCE) vulnerability, leaving enterprise networks vulnerable to malicious attacks.
A critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes, has been identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The agency added the vulnerability, tracked as CVE-2025-5086 and rated with a critical severity score (CVSS v3: 9.0), to the Known Exploited Vulnerabilities (KEV) list.
DELMIA Apriso is widely used in production processes for digitalizing and monitoring, as well as scheduling production, quality management, resource allocation, warehouse management, and integration between production equipment and business applications. Enterprises worldwide rely on this solution to achieve high-quality control, traceability, compliance, and a high level of process standardization.
The vulnerability is a deserialization of untrusted data flaw that may lead to remote code execution (RCE). The vendor disclosed the issue on June 2, noting that it affects all versions of DELMIA Apriso from Release 2020 through Release 2025, without sharing many details.
On September 3, threat researcher Johannes Ullrich published a post on SANS ISC disclosing observation of active exploitation attempts leveraging CVE-2025-5086. The observed exploit involves sending a malicious SOAP request to vulnerable endpoints that loads and executes a Base64-encoded, GZIP-compressed .NET executable embedded in the XML.
The actual payload is a Windows executable tagged as malicious by Hybrid Analysis and flagged only by one engine in VirusTotal. The malicious requests were observed originating from the IP 156.244.33[.]162, likely associated with automated scans.
CISA has given the federal enterprise sector until October 2 to apply available security updates or mitigations, or stop using DELMIA Apriso. Although the BOD 22-01 guidance is binding only for federal agencies, private organizations worldwide should also consider CISA's warning and take appropriate action.
This vulnerability highlights the importance of keeping software up-to-date and applying security patches in a timely manner. Enterprises must prioritize their cybersecurity posture to prevent malicious attacks that can compromise sensitive data and disrupt critical operations.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Warnings-Dassault-RCE-Vulnerability-Leaves-Enterprise-Networks-Exposed-to-Malicious-Attacks-ehn.shtml
Published: Fri Sep 12 12:53:59 2025 by llama3.2 3B Q4_K_M
