CVE-2025-5086

CRITICAL KEV NUCLEI

DELMIA Apriso <2025 - Code Injection

Title source: llm

Description

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

Nuclei Templates (1)

Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization

CRITICALVERIFIEDby hacktronai,iamnoooob,pdresearch

Shodan: html:"apriso"

FOFA: body="/Apriso/Portal"

References (3)

[Vendor Advisory] https://www.3ds.com/vulnerability/advisories

[Exploit, Technical Description, Third Party Advisory] https://isc.sans.edu/diary/Exploit+Attempts+for+Dassault+DELMIA+Apriso+CVE20255086/32256

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5086

Scores

CVSS v3 9.0

EPSS 0.3919

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2025-09-11

VulnCheck KEV 2025-06-23

ENISA EUVD EUVD-2025-16682

Classification

CWE

CWE-502

Status published

Affected Products (1)

3ds/delmia_apriso < 2025

Timeline

Published Jun 02, 2025

KEV Added Sep 11, 2025

Tracked Since Feb 18, 2026