DELMIA Factory Software Vulnerability Exploited in Attacks

Threat actors are exploiting a critical-severity vulnerability in DELMIA Apriso factory software, the US cybersecurity agency CISA warns.

Developed by French company Dassault Systèmes, DELMIA Apriso is a manufacturing operations management (MOM) and manufacturing execution system (MES) software designed for managing every detail of the manufacturing process. The software is used in North America, Europe, and Asia, including in the aerospace and defense, automotive, high-tech, and industrial equipment industries.

Tracked as CVE-2025-5086 (CVSS score of 9.0), the security defect is described as a deserialization of untrusted data issue and impacts DELMIA Apriso releases 2020 through 2025.

The bug was publicly disclosed in June, but the vendor’s advisory did not share technical information on it, other than that it could be exploited for remote code execution (RCE).

On Thursday, CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, warning that it has been exploited in the wild ...