What is the CVSS score of CVE-2025-5086?

CVE-2025-5086 has a CVSS 3.1 base score of 9.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 39.2%.

Which versions of Delmia Apriso are affected by CVE-2025-5086?

A critical remote code execution vulnerability in DELMIA Apriso (versions 2020-2025) is actively being exploited in the wild with no patch currently available.

Is there a public PoC exploit available for CVE-2025-5086?

Yes, a public proof-of-concept exploit is available for CVE-2025-5086. Prioritise patching immediately. EPSS: 39.2%.

How to fix or mitigate CVE-2025-5086?

Within 24 hours: Inventory all DELMIA Apriso instances and isolate affected systems from production networks if operationally feasible. Within 7 days: Implement network segmentation to restrict access to Apriso systems, deploy Web Application Firewall rules to block deserialization payloads, and disable remote interfaces if not operationally critical. Within 30 days: Monitor vendor communications for patch availability, conduct forensic analysis for compromise indicators, and develop incident response procedures specific to this vulnerability.

Delmia Apriso CVE-2025-5086

EUVD-2025-16682 CRITICAL

Deserialization of Untrusted Data (CWE-502)

2025-06-02 3DS.Information-Security@3ds.com

RCE Deserialization Delmia Apriso

9.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 16:47 euvd

EUVD-2025-16682

Analysis Generated

Mar 14, 2026 - 16:47 vuln.today

Added to CISA KEV

Oct 29, 2025 - 13:50 cisa

CISA KEV

PoC Detected

Oct 29, 2025 - 13:50 vuln.today

Public exploit code

CVE Published

Jun 02, 2025 - 18:15 nvd

CRITICAL 9.0

DescriptionNVD

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

AnalysisAI

Dassault Systemes DELMIA Apriso (releases 2020-2025) contains an unauthenticated deserialization vulnerability (CVE-2025-5086, CVSS 9.0) that enables remote code execution on manufacturing execution systems. KEV-listed with EPSS 39.2% and public PoC, this vulnerability threatens industrial manufacturing operations by targeting the MES (Manufacturing Execution System) layer that controls production processes.

Technical ContextAI

DELMIA Apriso is a Manufacturing Execution System (MES) that manages production operations, quality control, and supply chain processes in manufacturing environments. The deserialization vulnerability allows unauthenticated code execution on the MES server, which directly interfaces with production floor systems including PLCs, SCADA, and quality control equipment. Compromise of the MES layer can disrupt or manipulate manufacturing processes.

RemediationAI

Apply Dassault Systemes security update immediately. Isolate Apriso servers from internet access. Implement network segmentation between IT and OT networks. Audit production records for unauthorized modifications. Monitor MES access logs for suspicious activity.

CVE-2025-5086 vulnerability details – vuln.today

Back

Delmia Apriso CVE-2025-5086

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code