Pierluigi Paganini September 12, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dassault Systèmes DELMIA Apriso flaw, tracked as CVE-2025-5086 (CVSS score of 9.0), to its Known Exploited Vulnerabilities (KEV) catalog.

Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management (MOM) software platform designed to help industrial companies manage, monitor, and optimize their global manufacturing operations.

The vulnerability is a deserialization of untrusted data issue affecting DELMIA Apriso from Release 2020 through Release 2025. An attacker could trigger the flaw to execute arbitrary code remotely.

Hacktron AI reported the vulnerability.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by October 2, 2025.

Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Sitecore, Android, and Linux to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the descriptions for these flaws:

• CVE-2025-53690 Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability
• CVE-2025-38352 Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
• CVE-2025-48543 Android Runtime Unspecified Vulnerability

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)