CISA has added CVE-2025-5086, a critical deserialization of untrusted data vulnerability in Dassault Systèmes’ DELMIA Apriso, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The move, announced on September 11, 2025, elevates patching priority under Binding Operational Directive (BOD) 22-01 and signals an urgent threat to Windows environments where the manufacturing execution system (MES) is often deployed.

DELMIA Apriso is a widely used MES and Manufacturing Operations Management (MOM) platform that bridges enterprise resource planning (ERP) systems and shop-floor equipment. Dassault Systèmes had previously published an advisory on June 2, 2025, assigning the flaw a CVSS v3.1 base score of 9.0 and confirming it affects all releases from 2020 through 2025. The CISA KEV inclusion now turns a vendor advisory into an operational imperative: attackers are actively scanning for and attempting to exploit vulnerable instances.

The Vulnerability and the KEV Addition

CVE-2025-5086 is a classic deserialization vulnerability, classified under CWE-502. When an application deserializes data from untrusted sources without proper validation, attackers can craft malicious payloads that trigger arbitrary code execution on the server. In the case of Apriso, public telemetry indicates that the exploitation vector is a SOAP web service endpoint—specifically /apriso/WebServices/FlexNetOperationsService.svc/Invoke—where attackers send large XML bodies containing gzipped, base64-encoded XAML payloads.

Dassault’s advisory remained terse, directing administrators to support channels for patches. The NVD entry corroborates the high severity and RCE impact. CISA’s decision to list the CVE in the KEV catalog confirms that the theoretical risk has materialized into active, real-world attacks. The KEV catalog is the authoritative list of CVEs with confirmed exploitation; BOD 22-01 mandates that federal civilian agencies remediate such vulnerabilities promptly, while private enterprises are strongly urged to follow suit.

Why DELMIA Apriso and Deserialization Matter

Deserialization flaws are notoriously dangerous because they bypass traditional network security controls. A crafted serialized object can instruct the .NET runtime to execute commands, load assemblies, or spawn processes—often with the privileges of the application’s service account. In Apriso, which manages manufacturing workflows, production schedules, and even interfaces with industrial control systems, a successful exploit grants attackers a foothold into an organization’s operational technology (OT) environment.

The consequences extend beyond data theft. Attackers could disrupt production lines, exfiltrate intellectual property, manipulate quality control processes, or pivot to other systems in a poorly segmented factory network. Many Apriso deployments run on Windows Server with IIS hosting the WCF services, making this a direct concern for Windows administrators.

Windows Environments at Risk

Administrators managing Windows-based Apriso installations face a compounded threat. The deserialization payloads observed by SANS Internet Storm Center (ISC) researchers are tailored for .NET deserialization gadget chains, a well-known attack pattern against Windows-hosted applications. A compromised IIS worker process (w3wp.exe) can lead to attackers gaining code execution on the server, often as a privileged service account.

Moreover, MES platforms like Apriso are often considered “critical but fragile” in operational settings. Patching is frequently delayed due to validation requirements, change control processes, and the risk of interrupting production. This slow patch cadence leaves a wide window of opportunity for adversaries who are already scanning for vulnerable endpoints.

The KEV listing acts as a forcing function. Ignoring it means an organization not only risks an intrusion but may also face regulatory or compliance consequences, especially if it handles federal contracts or critical infrastructure.

Indicators of Compromise and Exploit Telemetry

Public telemetry from SANS ISC and other monitoring sources reveals a clear picture of the attack patterns. Defenders should hunt for the following indicators:

  • HTTP POST requests to URIs ending in /apriso/WebServices/FlexNetOperationsService.svc/Invoke
  • Content-Type: text/xml and a SOAPAction header referencing tempuri.org/IFlexNetOperationsService/Invoke
  • Request bodies that are unusually large (several kilobytes) and contain base64 strings
  • After base64 decoding, data that begins with gzip magic bytes (1F 8B)
  • Inside the decompressed data, presence of XAML elements such as ResourceDictionary or x:FactoryMethod—hallmarks of a .NET deserialization attack
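The indicator chain above can be checked mechanically over captured traffic. The following is an added example in Python (not code from the SANS ISC analysis or from Dassault): it parses a raw HTTP request capture, checks the endpoint, Content-Type and SOAPAction, then base64-decodes and gunzips candidate fields to look for the XAML markers. The request it inspects is constructed here, the 4 KB size threshold is an assumption, and the embedded XAML is an inert marker document, not a gadget chain.

```python
import base64
import gzip
import re
TARGET_PATH = "/apriso/WebServices/FlexNetOperationsService.svc/Invoke"
SOAP_ACTION_MARKER = "tempuri.org/IFlexNetOperationsService/Invoke"
XAML_MARKERS = ("ResourceDictionary", "x:FactoryMethod")  # hallmarks named in the telemetry
GZIP_MAGIC = b"\x1f\x8b"
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")  # candidate encoded fields in the body
LARGE_BODY_BYTES = 4096  # "several kilobytes"; the exact cut-off is an assumption


def parse_request(raw: bytes):
    # Split a raw HTTP/1.1 request capture into method, path, lower-cased headers and body.
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.split(b"\r\n")
    method, path, _ = request_line.split(b" ", 2)
    headers = {k.strip().lower().decode(): v.strip().decode(errors="replace")
               for k, _, v in (h.partition(b":") for h in header_lines)}
    return method.decode(), path.decode(), headers, body


def inspect_request(raw: bytes) -> list:
    """Return the indicators one captured request matches, in the order listed above."""
    method, path, headers, body = parse_request(raw)
    hits = []
    if method == "POST" and path.endswith(TARGET_PATH):
        hits.append("post_to_invoke_endpoint")
    if headers.get("content-type", "").startswith("text/xml") and SOAP_ACTION_MARKER in headers.get("soapaction", ""):
        hits.append("soapaction_invoke")
    if len(body) >= LARGE_BODY_BYTES:
        hits.append("large_body")
    for run in BASE64_RUN.findall(body):
        try:
            blob = base64.b64decode(run)  # raises if the run's length is not a multiple of 4
            if not blob.startswith(GZIP_MAGIC):
                continue
            hits.append("base64_gzip_blob")
            inner = gzip.decompress(blob).decode(errors="replace")
        except (ValueError, OSError):  # not base64, or a truncated/corrupt gzip stream
            continue
        hits.extend("xaml_" + m for m in XAML_MARKERS if m in inner)
    return hits


def build_sample_request() -> bytes:
    """Constructed capture, not a real sample: the XAML inside is an inert marker document."""
    xaml = b'<ResourceDictionary x:FactoryMethod="constructed-marker"/>'
    blob = base64.b64encode(gzip.compress(xaml, mtime=0))
    body = (b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><Invoke xmlns="http://tempuri.org/">'
            b'<data>' + blob + b'</data></Invoke><!--' + b' ' * LARGE_BODY_BYTES + b'--></s:Body></s:Envelope>')
    head = (b'POST ' + TARGET_PATH.encode() + b' HTTP/1.1\r\nHost: mes.example.internal\r\n'
            b'Content-Type: text/xml; charset=utf-8\r\nSOAPAction: "http://' + SOAP_ACTION_MARKER.encode() + b'"\r\n')
    return head + b'\r\n' + body
```

A WAF or proxy rule built from the same steps should treat any request that reaches the gzip-magic stage as blockable on its own, since legitimate Apriso clients have no reason to post compressed XAML to this endpoint.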

Network defenders should also watch for repeated requests from single source IPs scanning Apriso endpoints. While attribution to a specific threat actor remains unconfirmed, the volume of scanning indicates that opportunistic exploitation is underway and that targeted attacks against known Apriso deployments are likely.

On the endpoint side, Windows event logs may show unexpected process creations from the Apriso service account. Look for cmd.exe or powershell.exe spawned by w3wp.exe or the Apriso service process. Application crashes or service restarts around the time of suspicious POSTs could also indicate attempted or successful exploitation.
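The endpoint-side hunt described above, as an added example in Python that is not part of the original article: it filters Sysmon-style process-creation records (the Image, ParentImage and UtcTime field names are Sysmon's) for shells spawned by the IIS worker and pairs each hit with the latest suspicious POST from the web-log hunt. The events and POST timestamps are constructed, the app-pool identity is a placeholder, the Apriso service binary is not named on the page and so is not listed, and the 120-second correlation window is an assumption.

```python
from datetime import datetime

# Parent/child names are from the article. The Apriso service binary is not named on the
# page, so only w3wp.exe is listed; extend SUSPICIOUS_PARENTS once it is known locally.
SUSPICIOUS_PARENTS = {"w3wp.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe"}
CORRELATION_WINDOW_SECONDS = 120  # assumption: a spawn this soon after a suspicious POST is "around" it


def basename(image: str) -> str:
    """Case-insensitive file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()


def suspicious_spawns(events):
    """Sysmon-style process-creation records where an IIS worker spawned a shell."""
    return [e for e in events
            if basename(e["ParentImage"]) in SUSPICIOUS_PARENTS
            and basename(e["Image"]) in SUSPICIOUS_CHILDREN]


def correlate(events, post_times):
    """Pair each suspicious spawn with the latest suspicious POST inside the window (None if none)."""
    posts = [datetime.fromisoformat(p) for p in post_times]
    pairs = []
    for e in suspicious_spawns(events):
        spawned = datetime.fromisoformat(e["UtcTime"])
        prior = [p for p in posts if 0 <= (spawned - p).total_seconds() <= CORRELATION_WINDOW_SECONDS]
        pairs.append((e["UtcTime"], basename(e["Image"]), max(prior).isoformat() if prior else None))
    return pairs


# Constructed sample telemetry, not real logs; the app-pool identity is a placeholder.
SAMPLE_EVENTS = [
    {"UtcTime": "2025-09-10T14:02:05", "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "User": "IIS APPPOOL\\AprisoPool"},
    {"UtcTime": "2025-09-10T14:05:00", "Image": "C:\\Windows\\System32\\cmd.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\helpdesk"},  # console user: benign
    {"UtcTime": "2025-09-10T16:30:10", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "User": "IIS APPPOOL\\AprisoPool"},
]
SAMPLE_POST_TIMES = ["2025-09-10T14:01:50"]  # timestamps from the web-log hunt for the Invoke endpoint
```

A spawn with no correlated POST (the second hit above) still deserves a look, since the web logs may simply not cover the request that caused it.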

Mitigation and Response for Windows Admins

Immediate action is required. Follow this prioritized checklist:

  1. Inventory and Scope: Identify all DELMIA Apriso instances—on-premises, hosted, or cloud—and confirm version numbers. All versions from Release 2020 through 2025 are affected. Document their network exposure and firewall rules.
  2. Apply Vendor Patches: Contact Dassault Systèmes support for hotfixes or updates. If a patch is available, deploy it with appropriate validation. If no patch exists, move to compensating controls.
  3. Network Isolation: Restrict access to Apriso web services at the perimeter and within the internal network. Use deny-by-default firewall policies; allow only trusted management subnets. Temporarily disable any internet-facing Apriso endpoints.
  4. Web Application Firewall (WAF): Deploy WAF rules to detect and block requests containing large, gzipped/base64 payloads targeting the vulnerable SOAP endpoint. Signatures should look for patterns like gzip compression in base64 encoded fields or the specific SOAPAction header value.
  5. Detection and Hunting:
    - Search web server logs for the indicators described above.
    - Deploy EDR hunt queries for process creation anomalies on Apriso hosts.
    - Enable enhanced logging for IIS and WCF services.
  6. Incident Response Preparation: If any IoC is found, initiate incident response. Isolate the host, preserve forensic artifacts (logs, memory dumps), rotate credentials, and conduct a wide-scope investigation.
  7. Long-Term Hardening: Enforce application allow-listing on Apriso servers, segment IT and OT networks, and conduct code/framework audits to replace insecure serializers (e.g., BinaryFormatter) with safe alternatives.

When patching cannot be done immediately—a common scenario in manufacturing—the combination of network isolation and WAF rules becomes the primary defense. Even with these, continuous monitoring is essential because attackers may adapt payloads to evade simple signature detection.

Broader Implications: OT Security and the KEV Process

This vulnerability underscores the growing intersection of IT and OT threats. As MES platforms become more connected and feature-rich, their attack surface expands. The KEV catalog has matured into a critical threat-intelligence feed that cuts through the noise of thousands of CVEs, highlighting those that are actively weaponized. For Windows administrators, the message is clear: any KEV-listed vulnerability that touches a Windows asset should be patched as soon as operationally feasible, because the attackers are already at the gates.

The CISA KEV entry for CVE-2025-5086 also demonstrates the value of community telemetry sharing. The SANS ISC analysis provided concrete payload examples and IOCs that immediately give defenders actionable intelligence. Such collaboration accelerates detection and reduces the time to deploy countermeasures.

Conclusion

The active exploitation of CVE-2025-5086 in DELMIA Apriso is a stark warning. A critical deserialization flaw in a platform central to manufacturing operations is being exploited to gain remote code execution on Windows servers. CISA’s KEV addition compels immediate and decisive action. For Windows and enterprise defenders, the path forward is straightforward: inventory affected systems, apply patches or strong compensating controls, and hunt for signs of compromise. The operational risk is real, but a disciplined response can prevent an intrusion from becoming a production-halting incident.

Publicly available telemetry confirms exploit attempts, but organizations should rely on their own forensic findings and vendor guidance to assess compromise. Treat this vulnerability as a live threat until every affected Apriso instance is secured.