
CISA adds CVE-2025-5086 to KEV catalog

Public Sector Action
2 unique sources, 2 articles

Summary

CISA added CVE-2025-5086, a vulnerability in Dassault Systèmes DELMIA Apriso MOM, to its Known Exploited Vulnerabilities (KEV) catalog, formally marking the flaw as actively exploited and a federal remediation priority. The listing raises patch urgency because the bug can enable remote code execution and affects Release 2020 through Release 2025. FCEB agencies were told to apply updates by October 2, 2025.

Timeline

  1. 12.09.2025 19:19 1 article · 8mo ago

    Dassault Systèmes discloses DELMIA Apriso deserialization flaw

    Initial Disclosure

    Dassault Systèmes disclosed a deserialization of untrusted data vulnerability in DELMIA Apriso that can lead to remote code execution, affecting Release 2020 through Release 2025.

  2. 12.09.2025 19:19 1 article · 8mo ago

    Active exploitation attempts target CVE-2025-5086

    Exploitation Observed

    Johannes Ullrich observed active exploitation attempts leveraging CVE-2025-5086, using malicious SOAP requests to vulnerable endpoints that load and execute a Base64-encoded, GZIP-compressed .NET executable embedded in XML; the requests originated from 156.244.33[.]162, likely tied to automated scans.

  3. 12.09.2025 14:03 2 articles · 8mo ago

    CISA adds CVE-2025-5086 to KEV

    Industry Or Public Sector Update

    CISA added CVE-2025-5086 in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) to the Known Exploited Vulnerabilities catalog after evidence of active exploitation, citing a deserialization of untrusted data flaw that can lead to remote code execution and directing Federal Civilian Executive Branch agencies to apply updates by October 2, 2025.

  4. 12.09.2025 14:03 2 articles · 8mo ago

    SANS and Kaspersky detail exploitation indicators for CVE-2025-5086

    Detection IoC Update

    The SANS Internet Storm Center reported exploitation attempts against CVE-2025-5086 from 156.244.33[.]162, which geolocates to Mexico, and Kaspersky flagged the associated DLL as Trojan.MSIL.Zapchast.gen, a spyware-capable malware family that can capture keyboard input, screenshots, and active application lists.
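
A defender-side check for the payload shape described in timeline entry 2 (a Base64-encoded, GZIP-compressed executable embedded in the XML of a SOAP request), added here as an example and not taken from SANS, CISA or Dassault Systèmes. The SOAP element names and both sample bodies are constructed, and the check assumes the blob appears as one unbroken Base64 run in the captured request body.

```python
import base64, binascii, gzip, re, struct, zlib

# "H4sI" is how the gzip magic bytes 1f 8b 08 look after Base64 encoding.
GZIP_B64 = re.compile(r"(?<![A-Za-z0-9+/])H4sI[A-Za-z0-9+/]{20,}={0,2}")
MAX_OUT = 1 << 20  # cap inflated bytes so a decompression bomb cannot exhaust memory

def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"

def find_embedded_pe(body: str) -> list[int]:
    """Return offsets in an HTTP/SOAP body where a Base64+gzip blob inflates to a PE."""
    hits = []
    for m in GZIP_B64.finditer(body):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
            inflated = zlib.decompressobj(wbits=31).decompress(raw, MAX_OUT)
        except (binascii.Error, zlib.error):
            continue  # not valid Base64 or not a real gzip stream
        if is_pe(inflated):
            hits.append(m.start())
    return hits

def _sample_body(payload: bytes) -> str:
    # Constructed SOAP envelope; element names are placeholders, not the real endpoint's.
    blob = base64.b64encode(gzip.compress(payload)).decode()
    return ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
            f"<soap:Body><Item><Data>{blob}</Data></Item></soap:Body></soap:Envelope>")

# Constructed inert PE stub: MZ header, e_lfanew = 0x40, then the PE signature.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 64
SUSPICIOUS = _sample_body(FAKE_PE)
BENIGN = _sample_body(b"<WorkOrder id='1'>routine compressed report data</WorkOrder>" * 4)

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, find_embedded_pe(body))
```

A hit means only that a request carried a compressed executable; it still needs triage against the reported source address and the endpoint's patch level.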
