Close Menu
Cybercrime and Ransomware

Factory Software Vulnerability Under Fire: Exploited in Attacks

Staff WriterBy No Comments4 Mins Read3 Views

Top Highlights

  1. Threat actors are exploiting CVE-2025-5086, a critical deserialization vulnerability in DELMIA Apriso manufacturing software, with a CVSS score of 9.0, impacting versions from 2020 to 2025.
  2. The flaw allows for remote code execution (RCE), was publicly disclosed in June, and has been actively exploited in the wild, prompting urgent patching recommendations from CISA.
  3. CISA added the vulnerability to its KEV list and urged federal agencies to patch by October 2, but has not disclosed specific details of the attacks or whether ransomware has been involved.
  4. Given DELMIA Apriso’s role in connecting factory systems with enterprise resource planning (ERP), organizations using the software are strongly advised to remediate the vulnerability promptly to prevent exploitation.

The Core Issue

Recently, cybersecurity officials from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about hackers exploiting a serious security flaw—known as CVE-2025-5086—in DELMIA Apriso, a software used worldwide in manufacturing industries like aerospace, automotive, and high-tech sectors. This vulnerability, which was publicly disclosed in June but remained relatively technical till now, involves a flaw in how the software handles untrusted data, allowing malicious actors to execute remote code through targeted attacks. Evidence suggests that exploit attempts have already occurred in the wild, with scans originating from a specific IP address, and researchers like Johannes Ullrich have found signs of malicious payloads being sent to the system, which could be used to compromise factory operations connected through DELMIA Apriso. Since the software plays a crucial role in linking factory equipment with enterprise resource planning (ERP) systems, these vulnerabilities pose significant risks to industrial security, prompting urgent calls for affected organizations, especially U.S. federal agencies, to apply patches by October 2 to prevent further exploitation.

Potential Risks

Cybercriminals are actively exploiting a critical vulnerability (CVE-2025-5086, CVSS 9.0) in DELMIA Apriso, a widely used manufacturing software by Dassault Systèmes that manages complex industrial processes across sectors such as aerospace, automotive, and high-tech. This flaw, a deserialization vulnerability affecting releases from 2020 to 2025, allows remote code execution, and has already been exploited in the wild, according to the US Cybersecurity and Infrastructure Security Agency (CISA). The attacks, which remain somewhat opaque in detail, involve malicious payloads that evade detection, highlighting the threat’s sophistication. Given DELMIA Apriso’s pivotal role in linking factory operations with enterprise resource planning systems, exploitation of this vulnerability can lead to severe consequences, including operational disruptions, data breaches, and potential weaponization for ransomware campaigns. Urgently applying patches is critical to prevent attackers from gaining unauthorized control over manufacturing environments and causing widespread industrial and economic damage.

Possible Actions

In today’s fast-paced manufacturing environment, addressing vulnerabilities in DELMIA Factory Software swiftly is crucial to prevent potential disruptions, safeguard sensitive data, and maintain operational integrity. Timely remediation minimizes the risk of exploitation and ensures continuous, secure production processes.

Mitigation Steps

  • Patch Deployment: Apply official security updates promptly to close known vulnerabilities.
  • Access Controls: Restrict software access to authorized personnel only, using robust authentication measures.
  • Network Segmentation: Isolate the affected systems from other network segments to limit the spread of attacks.
  • Monitoring & Alerts: Implement real-time monitoring for suspicious activities related to DELMIA Software.
  • Security Audits: Conduct regular vulnerability assessments and security audits to identify and address system weaknesses.
  • User Training: Educate staff about security best practices and the importance of recognizing potential threats.
  • Backup & Recovery: Maintain recent backups and establish recovery protocols to restore operations quickly if compromised.

Stay Ahead in Cybersecurity

Discover cutting-edge developments in Emerging Tech and industry Insights.

Explore engineering-led approaches to digital security at IEEE Cybersecurity.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.