CVE-2025-5086

Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025

CVSS 9 CRITICAL | EPSS 89.1% | KEV | CWE-502
In short

DELMIA Apriso versions 2020-2025 contain a flaw that allows attackers to execute arbitrary code remotely by sending specially crafted data that the application unsafely processes. This is critical because it gives attackers complete control over the system.

Technical detail

The vulnerability stems from unsafe deserialization of untrusted input in DELMIA Apriso 2020-2025 and enables remote code execution without authentication. An attacker can craft malicious serialized objects that execute arbitrary commands when the application processes them, compromising system integrity and confidentiality.

Summary generated and translated by AI from the official description.
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
