A critical vulnerability in DELMIA Apriso (factory software/MOM & MES) has been actively exploited by threat actors. The flaw, identified as CVE-2025-5086, involves deserialization of untrusted data and carries a high severity score (9.0). Systems running DELMIA versions from 2020 through 2025 are affected, and attackers can leverage this weakness to execute remote code. Security agencies have confirmed real-world exploitation, prompting directives to apply patches swiftly.

Attackers have been observed sending malformed requests containing encoded payloads that transform into compressed executables—some of which evade basic antivirus detection. Because DELMIA Apriso links factory equipment with enterprise systems (e.g. ERP), compromised installations risk widespread disruption of operations, data integrity, and control processes. Organizations using the affected software are urged to treat this as a top priority patch, monitor for anomalous traffic, and isolate vulnerable systems until patched.

‍

Source: https://www.securityweek.com/delmia-factory-software-vulnerability-exploited-in-attacks/