CVE-2025-5086 - Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability

Vulnerability Name

Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability

Description

Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086

https://nvd.nist.gov/vuln/detail/CVE-2025-5086

Related News Articles

Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under AttackOctober 29, 2025

CISA warns of two more actively exploited Dassault vulnerabilitiesOctober 29, 2025

CISA warns of actively exploited Dassault RCE vulnerabilitySeptember 13, 2025

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues WarningSeptember 12, 2025