AI description
CVE-2025-5086 is a deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025. Exploitation of this vulnerability could lead to remote code execution. Specifically, the vulnerability exists because the application does not properly validate data during the deserialization process. An attacker could potentially execute arbitrary code remotely without requiring user interaction, leading to a full system compromise, unauthorized code execution, potential data theft or manipulation, or complete system availability disruption.
- Description: A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
- Source: 3DS.Information-Security@3ds.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9
- Impact score: 6
- Exploitability score: 2.2
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- 3DS.Information-Security@3ds.com: CWE-502
- Hype score: Not currently trending
CVE-2025-5086 : RCE flaw in DELMIA Apriso (2020–2025) allows unauthenticated attackers to execute code remotely 50,000+ Azure AD Users Exposed via Unsecured API: BeVigil Uncovers Critical Flaw https://t.co/Z9Q78lwAEa https://t.co/Xs9oKptFWB
@freedomhack101
4 Jun 2025
58 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apple once ran this software. Multiple security firms poked at it. No one spotted the bug. Here's a thread of how we found CVE-2025-5086 in Delmia Apriso... 👇🧵
@HacktronAI
3 Jun 2025
26662 Impressions
13 Retweets
103 Likes
73 Bookmarks
3 Replies
4 Quotes
🚨 CVE-2025-5086: RCE flaw in DELMIA Apriso (2020–2025) allows unauthenticated attackers to execute code remotely ⚠️ Affects MES systems used in manufacturing Critical CVSS 10.0 🔗 https://t.co/P5zDZRZdzR #CVE2025 #RCE #CyberSecurity https://t.co/CNSZAOJePu
@threatsbank
3 Jun 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5086
@HacktronAI
3 Jun 2025
5690 Impressions
7 Retweets
44 Likes
15 Bookmarks
1 Reply
0 Quotes
CVE-2025-5086 A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. https://t.co/Sp1xoeVNDQ
@CVEnew
2 Jun 2025
349 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes