CVE-2025-5086

9.0 CRITICAL CISA KEV

📋 TL;DR

CVE-2025-5086 is a deserialization vulnerability in Dassault Systèmes DELMIA Apriso that allows remote attackers to execute arbitrary code by sending specially crafted data. This affects all Apriso installations from Release 2020 through Release 2025. Organizations using these versions for manufacturing operations management are at risk.

💻 Affected Systems

Products:
  • Dassault Systèmes DELMIA Apriso
Versions: Release 2020 through Release 2025
Operating Systems: Windows Server (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations within the affected version range are vulnerable. The vulnerability exists in the deserialization mechanism of Apriso components.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install malware, steal sensitive manufacturing data, disrupt production operations, and pivot to other network systems.

🟠 Likely Case

Remote code execution leading to data theft, ransomware deployment, or disruption of manufacturing processes.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting isolated Apriso components.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CISA has confirmed active exploitation in the wild. The vulnerability is being actively targeted by threat actors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Dassault Systèmes for specific patch information

Vendor Advisory: https://www.3ds.com/vulnerability/advisories

Restart Required: Yes

Instructions:

1. Contact Dassault Systèmes support for the specific security patch
2. Apply the patch following vendor instructions
3. Restart Apriso services as required
4. Test functionality after patching

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate Apriso systems from the internet and restrict internal network access

Application Firewall Rules (applies to: all)

Implement WAF rules to block suspicious deserialization patterns

🧯 If You Can't Patch

  • Immediately isolate Apriso systems from the internet and restrict them to necessary internal access only
  • Implement strict network monitoring and alerting for suspicious Apriso-related traffic

🔍 How to Verify

Check if Vulnerable:

Check Apriso version against affected range (2020-2025 releases). Review system logs for deserialization errors or suspicious activity.

Check Version:

Check through Apriso administration interface or consult system documentation

Verify Fix Applied:

Verify patch installation through Apriso administration console and confirm version is no longer in vulnerable range.

📡 Detection & Monitoring

Log Indicators:

  • Unusual deserialization errors in Apriso logs
  • Suspicious process creation from Apriso services
  • Unexpected network connections from Apriso systems

Network Indicators:

  • Unusual traffic patterns to/from Apriso ports
  • Suspicious serialized data payloads in network traffic

SIEM Query:

source="apriso*" AND (event_type="deserialization_error" OR process_name="cmd.exe" OR process_name="powershell.exe")
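The following is an added example, not part of the advisory or of any Dassault Systèmes tooling: it applies the logic of the SIEM query above to key=value log lines so that the detection can be tested offline before it is deployed in a SIEM. The log format and the field names (source, event_type, process_name, parent_process) are assumptions, and the sample lines are constructed, not real Apriso output. It goes slightly beyond the query by comparing process names case-insensitively and stripping directory paths, since Windows event logs often record the full path in mixed case.

```python
"""Offline check of the advisory's SIEM query over constructed log lines.

Added example; field names and log format are assumptions, not Apriso's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Process names the advisory's query treats as suspicious when they appear in Apriso-sourced events.
SUSPICIOUS_PROCESSES = {"cmd.exe", "powershell.exe"}

# Matches key="quoted value" or key=unquoted_value tokens in one log line.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv_line(line: str) -> Dict[str, str]:
    """Parse a key=value log line into a dict; values may be double-quoted."""
    fields: Dict[str, str] = {}
    for m in _KV_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


@dataclass
class Alert:
    line_no: int
    reason: str
    event: Dict[str, str]


def matches_query(event: Dict[str, str]) -> str:
    """Return a reason string if the event satisfies
    source="apriso*" AND (event_type="deserialization_error"
                          OR process_name in {cmd.exe, powershell.exe}),
    otherwise an empty string. Process names are compared case-insensitively
    and without their directory, because Windows logs them that way."""
    source = event.get("source", "")
    if not source.lower().startswith("apriso"):
        return ""
    if event.get("event_type") == "deserialization_error":
        return "deserialization error in Apriso log"
    proc = event.get("process_name", "").lower().rsplit("\\", 1)[-1]
    if proc in SUSPICIOUS_PROCESSES:
        return f"suspicious process {proc} from Apriso source"
    return ""


def scan_log(lines: Iterable[str]) -> List[Alert]:
    """Run matches_query over every line and collect the hits with their line numbers."""
    alerts: List[Alert] = []
    for n, line in enumerate(lines, 1):
        event = parse_kv_line(line)
        reason = matches_query(event)
        if reason:
            alerts.append(Alert(n, reason, event))
    return alerts


# Constructed sample log lines (hypothetical hosts and timestamps, not real Apriso output).
SAMPLE_LOG = [
    'ts=2025-09-10T08:01:02Z source="apriso-app01" event_type="login_success" user="operator1"',
    'ts=2025-09-10T08:01:05Z source="apriso-app01" event_type="deserialization_error" msg="unexpected type in stream"',
    'ts=2025-09-10T08:01:06Z source="apriso-app01" event_type="process_create" process_name="C:\\Windows\\System32\\cmd.exe" parent_process="w3wp.exe"',
    'ts=2025-09-10T08:01:07Z source="erp-db01" event_type="process_create" process_name="powershell.exe"',
    'ts=2025-09-10T08:01:08Z source="apriso-app02" event_type="process_create" process_name="POWERSHELL.EXE"',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"line {alert.line_no}: {alert.reason}")
```

Lines 2, 3 and 5 of the sample are flagged; line 4 is not, because its source is not an Apriso host even though the process name matches. Tuning the query on a corpus of known-good Apriso logs before enabling alerting will show how often legitimate administration spawns cmd.exe or powershell.exe on these hosts.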
