Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Dassault Systèmes DELMIA Apriso software platform to its Known Exploited Vulnerabilities catalog, warning industrial companies of potential cyber threats. The move is part of the agency's ongoing efforts to protect against emerging security risks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Dassault Systèmes DELMIA Apriso software platform to its Known Exploited Vulnerabilities catalog. The vulnerability, CVE-2025-5086, has a CVSS score of 9.0 (Critical) and allows an attacker to execute arbitrary code remotely. Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management software platform used by organizations for supply chain management, inventory control, and production planning. CISA recommends that private organizations review the catalog and patch software, update operating systems, and implement robust security controls to address the vulnerability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical vulnerability in the Dassault Systèmes DELMIA Apriso software platform to its Known Exploited Vulnerabilities catalog. This move is intended to alert industrial companies and other organizations that use the platform to take necessary precautions against potential cyber threats.
The vulnerability, tracked as CVE-2025-5086, has a Common Vulnerability Scoring System (CVSS) score of 9.0 (Critical). It is a deserialization of untrusted data issue affecting DELMIA Apriso from Release 2020 through Release 2025. In simpler terms, an attacker could potentially execute arbitrary code remotely by exploiting the vulnerability in the software.
Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management (MOM) software platform designed to help industrial companies manage, monitor, and optimize their global manufacturing operations. As such, it is likely that many organizations use this platform for critical functions such as supply chain management, inventory control, and production planning.
The inclusion of this vulnerability in CISA's Known Exploited Vulnerabilities catalog is a clear indication that the agency believes the risk associated with this flaw is significant enough to warrant attention from organizations that use the software. According to the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies are required to address identified vulnerabilities by a specified due date.
Experts and industry watchers recommend that private organizations review CISA's catalog and take steps to address the vulnerabilities in their infrastructure. This includes patching software, updating operating systems, and implementing robust security controls such as firewalls, intrusion detection systems, and antivirus software.
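One way to act on the catalog review described above is to match KEV entries against an asset inventory and track each match against its due date. The following is an added example, not code from the article or from CISA: the field names follow CISA's KEV JSON feed, while the `dateAdded` and `dueDate` values, the host names and the inventory are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The dateAdded and
# dueDate values are placeholders, not the real catalog values.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-5086", "vendorProject": "Dassault Systèmes",
   "product": "DELMIA Apriso", "dateAdded": "2025-01-01", "dueDate": "2025-01-22"}
]}
""")

# The feed carries no version data, so affected releases are kept locally.
# Range taken from the article: Release 2020 through Release 2025.
AFFECTED_RELEASES = {"CVE-2025-5086": range(2020, 2026)}

# Constructed asset inventory (hypothetical hosts).
INVENTORY = [
    {"host": "mes-plant1", "product": "DELMIA Apriso", "release": 2022},
    {"host": "mes-plant2", "product": "delmia apriso", "release": 2019},
    {"host": "erp-hq", "product": "Other ERP", "release": 2024},
]

def triage(feed, inventory, today):
    """Return one finding per inventory asset that matches a KEV entry."""
    findings = []
    for vuln in feed["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        releases = AFFECTED_RELEASES.get(vuln["cveID"])
        for asset in inventory:
            if asset["product"].casefold() != vuln["product"].casefold():
                continue
            # Unknown affected range: flag for manual review rather than skip.
            if releases is None:
                status = "review"
            elif asset["release"] not in releases:
                continue
            else:
                status = "overdue" if today > due else "open"
            findings.append({"host": asset["host"], "cve": vuln["cveID"],
                             "status": status, "days_left": (due - today).days})
    return findings

if __name__ == "__main__":
    for finding in triage(KEV_FEED, INVENTORY, date(2025, 1, 15)):
        print(finding)
```
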
In addition to the Dassault Systèmes DELMIA Apriso vulnerability, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added flaws affecting Sitecore, Android, and Linux to its Known Exploited Vulnerabilities catalog. These additions highlight the importance of staying vigilant against cyber threats and taking proactive steps to protect sensitive data.
The recent addition of the Dassault Systèmes DELMIA Apriso flaw to CISA's catalog serves as a reminder that software vulnerabilities can have significant consequences for organizations, particularly those in critical infrastructure sectors such as manufacturing. By acknowledging the risk associated with this vulnerability and providing guidance on how to address it, CISA is helping to protect the nation's industrial base against potential cyber threats.
In conclusion, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Dassault Systèmes DELMIA Apriso software platform to its Known Exploited Vulnerabilities catalog. This move highlights the importance of staying vigilant against cyber threats and taking proactive steps to protect sensitive data.
Published: Fri Sep 12 03:03:47 2025 by llama3.2 3B Q4_K_M