DELMIA Apriso: Remote Code Execution Risk

CVE advisory | Known Exploit

CVE-2025-5086

A deserialization vulnerability in DELMIA Apriso may allow remote code execution. This could impact business operations and data security for affected organizations. Organizations should address this risk to mitigate potential business disruption.

Halo Surface Signal: 3

Tags: Deserialization, 3ds Delmia Apriso, 2020 to 2025

External exposure likelihood

DELMIA Apriso is a manufacturing execution system typically deployed within corporate or industrial network perimeters to manage factory operations. While it is a server-based application that may have web interfaces, it is generally not designed to be directly exposed to the public internet, though it is plausibly reachable in some specific deployment environments.

Horizon Alert

Summary of the vulnerability and why it matters

Certain versions of DELMIA Apriso are affected by a vulnerability related to the deserialization of untrusted data. This flaw can allow unauthorized code to be executed on affected systems. The potential impact could involve significant disruption to operations and compromise of sensitive business data.

  • Vulnerable: DELMIA Apriso
  • Flaw: Untrusted data deserialization
  • Impact: Remote code execution

Attack Path

How an attacker could exploit the issue

A deserialization of untrusted data vulnerability within DELMIA Apriso allows for remote code execution. This occurs when an attacker can send specially crafted data to the application. The application then processes this data in a way that permits the attacker to run arbitrary code. This could result in unauthorized access or modification of system data and operations.

  • Exposure condition: External network access.
  • Attacker starting point: Unauthenticated network access.
  • Trigger and result: Deserializing untrusted data allows code execution.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability exists in DELMIA Apriso that could allow an attacker to execute arbitrary code remotely. This could compromise affected systems and sensitive data within an organization. The potential for significant business disruption warrants careful consideration of this threat.

  • Attacker skill level: High.
  • Required access or conditions: Network access, no user interaction.
  • Business risk or urgency: High.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The deserialization of untrusted data vulnerability in DELMIA Apriso, affecting releases from 2020 through 2025, presents a critical risk of remote code execution for affected organizations. This vulnerability could allow an attacker to execute arbitrary code on a system, potentially leading to a significant compromise of business operations and sensitive data. Organizations utilizing these versions of DELMIA Apriso should prioritize addressing this security concern to mitigate potential business risk.

  • Identify all DELMIA Apriso instances.
  • Reduce exposure or isolate systems.
  • Apply vendor fix, verify, and monitor.
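
The three priority actions above can be turned into a triage pass over an asset inventory. The following is an added example, not part of the original advisory or any vendor tooling; the CSV column names, host names and action labels are assumptions, and the inventory rows are constructed sample data.

```python
import csv
import io
import re

# Advisory scope: DELMIA Apriso releases 2020 through 2025.
AFFECTED_YEARS = range(2020, 2026)

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """host,product,release,exposure,vendor_fix_applied
mes-plant1,DELMIA Apriso,Release 2022,internet,no
mes-plant2,delmia apriso,Release 2019,internal,no
mes-plant3,DELMIA Apriso,Release 2025,internal,no
mes-plant4,DELMIA Apriso,Release 2024,internet,yes
erp-01,Other ERP,2023,internet,no
mes-lab,DELMIA Apriso,unknown,internal,no
"""

# Lower number = handle first.
ACTIONS = {
    "isolate-then-patch": 0,   # affected, unpatched, externally reachable
    "confirm-release": 1,      # release unknown: treat as affected until checked
    "patch": 2,                # affected, unpatched, internal only
    "verify-and-monitor": 3,   # fix recorded: confirm it and keep monitoring
    "out-of-range": 4,         # release outside the advisory's 2020-2025 range
}

def classify(row):
    """Map one inventory row to one of the ACTIONS keys."""
    match = re.search(r"\b(20\d{2})\b", row["release"])
    if match is None:
        return "confirm-release"
    if int(match.group(1)) not in AFFECTED_YEARS:
        return "out-of-range"
    if row["vendor_fix_applied"].strip().lower() == "yes":
        return "verify-and-monitor"
    if row["exposure"].strip().lower() == "internet":
        return "isolate-then-patch"
    return "patch"

def triage(csv_text):
    """Return (host, action) for every Apriso row, most urgent first."""
    rows = csv.DictReader(io.StringIO(csv_text))
    apriso = [r for r in rows if "apriso" in r["product"].lower()]
    found = [(r["host"], classify(r)) for r in apriso]
    return sorted(found, key=lambda item: ACTIONS[item[1]])

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {action}")
```

Rows with an unreadable release are ranked just below exposed, unpatched systems so that gaps in the inventory are resolved before internal patching is scheduled.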

Frequently asked questions

What is DELMIA Apriso and what is its purpose in manufacturing?

DELMIA Apriso is a Manufacturing Execution System (MES) and Manufacturing Operations Management (MOM) platform used to provide real-time visibility and control over global production processes [3, 9, 12]. It helps manufacturers streamline operations, manage production scheduling, enforce quality compliance, and synchronize activities from the shop floor to the enterprise level [3, 9, 12]. Apriso is utilized for functions such as production management, quality control, warehouse operations, and maintenance [3,...

What type of vulnerability is CVE-2025-5086 in DELMIA Apriso?

CVE-2025-5086 is a deserialization of untrusted data vulnerability within DELMIA Apriso [1, 5, 6, 8, 14]. This weakness occurs when the application processes serialized data from untrusted sources without adequate validation, allowing an attacker to potentially execute arbitrary code on the system [1, 5, 6, 8].

How can CVE-2025-5086 be exploited in DELMIA Apriso?

An attacker can exploit this vulnerability by sending a specially crafted, serialized payload to a network-accessible DELMIA Apriso endpoint [1, 6, 10]. This payload is processed by the application, leading to the deserialization of untrusted data and enabling the execution of arbitrary code without requiring authentication or user interaction [1, 6, 10].

What is the relevance of CVE-2025-5086 for organizations using DELMIA Apriso?

This vulnerability, affecting DELMIA Apriso releases from 2020 through 2025, allows for remote code execution and has been actively exploited in the wild [1, 2, 6, 7]. CISA has added it to the Known Exploited Vulnerabilities catalog due to the significant risk it poses to manufacturing operations and potential pivot into operational technology environments [2, 6].

What actions should organizations take to address CVE-2025-5086?

Organizations should immediately apply vendor-provided security updates for affected DELMIA Apriso releases [1, 6, 10]. Other recommended actions include restricting network access to Apriso web services, segmenting vulnerable systems, and monitoring for suspicious activity [1, 10]. If patching is not immediately feasible, organizations should consider temporary mitigations like isolating systems or implementing strict network segmentation [6, 10].

References