Dassault Systèmes DELMIA Apriso MOM deserialization flaw (CVE-2025-5086)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-5086 in Dassault Systèmes DELMIA Apriso MOM is now actively exploited, putting Release 2020 through Release 2025 deployments at risk of remote code execution. The flaw is a deserialization of untrusted data vulnerability, and CISA added it to the KEV catalog because exploitation is already being observed. FCEB agencies were told to apply the required updates by October 2, 2025.
Cases
Related Happenings
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector Action
First: 08.04.2026 21:15
Last: 08.04.2026 21:15
Sources 1
About this happening:
**CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
CISA KEV listing and FCEB patch order for Ivanti EPMM
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-1340** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Ivanti Endpoint Manager Mobile (EPMM)** by **Saturday midnight, April 11**, forcin...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector Action
First: 17.03.2026 07:23
Last: 17.03.2026 07:23
Sources 1
About this happening:
CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA KEV listing for Wing FTP CVE-2025-47813
Public Sector ActionAbout this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...
CISA adds two Roundcube flaws to KEV catalog
Public Sector Action
First: 21.02.2026 09:21
Last: 21.02.2026 09:21
Sources 1
About this happening:
**CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA adds two Roundcube flaws to KEV catalog
Public Sector ActionAbout this happening: **CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
First: 20.02.2026 19:02
Last: 20.02.2026 19:02
Sources 1
About this happening:
CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/MitigationAbout this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation Wave
First: 18.02.2026 08:52
Last: 18.02.2026 08:52
Sources 1
About this happening:
**CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation WaveAbout this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
Timeline
-
12.09.2025 19:19 1 articles · 8mo ago
Dassault Systèmes discloses DELMIA Apriso deserialization flaw
Technical Analysis UpdateDassault Systèmes disclosed a deserialization of untrusted data vulnerability in DELMIA Apriso that may lead to remote code execution (RCE) and affects all versions from Release 2020 through Release 2025.
Show sources
- CISA warns of actively exploited Dassault RCE vulnerability — www.bleepingcomputer.com — 12.09.2025 19:19
-
12.09.2025 19:19 1 articles · 8mo ago
Active exploitation attempts observed against DELMIA Apriso
Exploitation ObservedOn September 3, active exploitation attempts leveraging CVE-2025-5086 were observed against vulnerable DELMIA Apriso endpoints using malicious SOAP requests that loaded and executed a Base64-encoded, GZIP-compressed .NET executable embedded in XML.
Show sources
- CISA warns of actively exploited Dassault RCE vulnerability — www.bleepingcomputer.com — 12.09.2025 19:19
-
12.09.2025 14:03 3 articles · 8mo ago
CISA adds CVE-2025-5086 in DELMIA Apriso to KEV
Initial DisclosureCISA added CVE-2025-5086 in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) to the Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation. Dassault says the flaw affects Release 2020 through Release 2025 and can lead to remote code execution through deserialization of untrusted data. SANS Internet Storm Center reported exploitation attempts from 156.244.33[.]162, geolocating to Mexico, against /apriso/WebServices/FlexNetOperationsService.svc/Invoke with a Base64-encoded payload that decodes to a GZIP-compressed Windows executable (fwitxz01.dll), which Kaspersky flags as Trojan.MSIL.Zapchast.gen. Federal Civilian Executive Branch (FCEB) agencies were advised to apply updates by October 2, 2025.
Show sources
- Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning — thehackernews.com — 12.09.2025 14:03
- CISA warns of actively exploited Dassault RCE vulnerability — www.bleepingcomputer.com — 12.09.2025 19:19
- CISA warns of actively exploited Dassault RCE vulnerability — www.bleepingcomputer.com — 12.09.2025 19:19
-
12.09.2025 14:03 3 articles · 8mo ago
CISA adds CVE-2025-5086 in DELMIA Apriso to KEV
Initial DisclosureCISA added CVE-2025-5086 in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) to the Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation. Dassault says the flaw affects Release 2020 through Release 2025 and can lead to remote code execution through deserialization of untrusted data. SANS Internet Storm Center reported exploitation attempts from 156.244.33[.]162, geolocating to Mexico, against /apriso/WebServices/FlexNetOperationsService.svc/Invoke with a Base64-encoded payload that decodes to a GZIP-compressed Windows executable (fwitxz01.dll), which Kaspersky flags as Trojan.MSIL.Zapchast.gen. Federal Civilian Executive Branch (FCEB) agencies were advised to apply updates by October 2, 2025.
Show sources
- Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning — thehackernews.com — 12.09.2025 14:03
- CISA warns of actively exploited Dassault RCE vulnerability — www.bleepingcomputer.com — 12.09.2025 19:19
- CISA warns of actively exploited Dassault RCE vulnerability — www.bleepingcomputer.com — 12.09.2025 19:19