9

CVE-2025-5086

Warnung
Medienbericht
Exploit
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
3dsDelmia Apriso Version >= 2020 <= 2025

11.09.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability

Schwachstelle

Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 39.84% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
3DS.Information-Security@3ds.com 9 2.2 6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.