CVE-2025-5086

Summary

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesDELMIA AprisoRelease 2020 Golden <= Release 2020 SP4affected
Dassault SystèmesDELMIA AprisoRelease 2021 Golden <= Release 2021 SP3affected
Dassault SystèmesDELMIA AprisoRelease 2022 Golden <= Release 2022 SP3affected
Dassault SystèmesDELMIA AprisoRelease 2023 Golden <= Release 2023 SP3affected
Dassault SystèmesDELMIA AprisoRelease 2024 Golden <= Release 2024 SP1affected
Dassault SystèmesDELMIA AprisoRelease 2025 Golden <= Release 2025 SP1affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References