CISA has added CVE-2025-5086 — a critical deserialization of untrusted data vulnerability in Dassault Systèmes DELMIA Apriso — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation that elevates remediation priority under Binding Operational Directive (BOD) 22‑01. (cisa.gov)

Background / Overview

DELMIA Apriso is a Manufacturing Execution System (MES) / Manufacturing Operations Management (MOM) platform widely deployed in factory and production environments. On June 2, 2025, Dassault Systèmes published an advisory identifying a deserialization vulnerability affecting Apriso releases from 2020 through 2025; Dassault assigns the issue Critical severity and a CVSS v3.1 base score of 9.0. (3ds.com)
On September 11, 2025, CISA added that same CVE — CVE‑2025‑5086 — to the KEV Catalog based on evidence of exploitation in the wild, triggering federal remediation expectations and issuing a signal to the private sector to prioritize mitigation. (cisa.gov) The National Vulnerability Database (NVD) entry and independent telemetry sources corroborate the description and list references to exploit activity. (nvd.nist.gov)
Why this matters: deserialization vulnerabilities in enterprise applications frequently lead to full remote code execution (RCE), and MES/MOM platforms sit at the intersection of IT and operational technology (OT). A successful exploit can give attackers a foothold into production networks, jeopardize intellectual property, disrupt manufacturing lines, and create safety or compliance exposure for organizations that rely on Apriso.

What the advisory and telemetry tell us

The vendor view: Dassault Systèmes advisory

  • Affected products and versions: DELMIA Apriso — Release 2020 through Release 2025.
  • Impact: Deserialization of untrusted data that could lead to remote code execution.
  • Publish date: June 2, 2025.
Dassault’s advisory is brief and flags the issue as critical while pointing administrators to remediation and support channels. (3ds.com)

CISA action: KEV inclusion and operational implications

CISA’s KEV Catalog exists to highlight CVEs with credible evidence of active use by threat actors and to drive accelerated remediation under BOD 22‑01. The agency’s addition of CVE‑2025‑5086 on September 11, 2025, formally elevates the finding to an operational priority for Federal Civilian Executive Branch (FCEB) agencies and is a strong advisory for the private sector to follow. Agencies must remediate KEV entries according to the timelines specified in the catalog; private organizations should treat KEV entries as top‑tier triage items. (cisa.gov)

Independent telemetry: exploitation observed in the wild

Security telemetry and defender research indicate active exploit attempts against Apriso. The Internet Storm Center (SANS ISC) published evidence of scanning and exploit payloads targeting Apriso SOAP/WCF endpoints, including a decoded example of a gzipped, base64‑encoded XAML payload delivered to a SOAP Invoke endpoint — classic signs of a .NET deserialization gadget exploit chain. These records show actual request patterns and payload structure being seen in the wild, which is the operational evidence that typically triggers a KEV listing. (isc.sans.edu)
Caveat: attribution of the scanning activity and successful exploitation to a named adversary is not publicly established; the telemetry shows exploit attempts and scanning from observed IPs but does not by itself prove a particular actor’s identity. Treat attribution claims with caution until confirmed by multiple, authoritative sources.

Technical analysis — why deserialization in Apriso is dangerous

What is insecure deserialization?

Deserialization is the process of turning a stream of bytes or serialized data back into live objects in an application. When an application accepts serialized objects from untrusted sources and reconstructs objects without strict validation, attackers can craft serialized payloads containing “gadget chains” that, when deserialized by vulnerable frameworks (e.g., .NET BinaryFormatter or XAML object factories), execute arbitrary code.
Deserialization vulnerabilities commonly result in:
  • Arbitrary command execution or process spawning (RCE).
  • Privilege escalation, lateral movement, or deployment of persistent malware.
  • Supply‑chain and OT consequences when the targeted app interfaces directly with production control systems.

How Apriso appears to be targeted

The SANS ISC diary shows exploit attempts directed at a SOAP endpoint (/apriso/WebServices/FlexNetOperationsService.svc/Invoke) with large XML bodies that include gzipped, base64 XAML payloads. The structure of the payloads closely matches known .NET deserialization attack patterns where a serialized object graph triggers calls to reflection or factory methods embedded in the serialized data. If the Apriso service deserializes directly into .NET objects without adequate sanitization or use of secure serializers, an attacker can chain a gadget that results in code execution on the host. (isc.sans.edu)
NVD and the vendor’s CVE metadata classify the vulnerability under CWE‑502 (Deserialization of Untrusted Data) and list potential RCE impact; Dassault assigned a high severity consistent with this risk profile. (nvd.nist.gov)

Immediate risk to Windows administrators and enterprise defenders

  • MES/MOM servers are often deployed on Windows Server platforms or integrate tightly with Windows‑based application stacks. A compromised Apriso instance can provide attackers with a Windows host foothold.
  • Production networks frequently have weaker segmentation or legacy management interfaces; an attacker who compromises Apriso may pivot into other IT and OT systems.
  • Because Apriso is a specialized enterprise product, many deployments lag in patching cadence due to change control processes, validation requirements, or compatibility concerns — increasing real‑world exposure windows.
  • KEV inclusion signals active exploitation, meaning opportunistic scanning and targeted exploitation campaigns are already underway; defenders should treat this as a live operational incident until each affected asset is patched or mitigated. (cisa.gov)

Practical, prioritized actions for IT and Windows admins

The following checklist is prioritized for rapid operational response. Apply items in order and escalate to incident response if compromise is suspected.
  1. Inventory and scope
    1. Identify all DELMIA Apriso instances (on‑prem, hosted, cloud) and list versions (Release 2020–2025 are affected).
    2. Record network locations, listening ports (common Apriso web/WCF ports), and firewall rules.
  2. Patch and vendor guidance
    1. Check Dassault Systèmes support for vendor patches or hotfixes and apply them immediately where possible. (3ds.com)
    2. If vendor patches are not immediately available for a given installation, implement mitigation steps below.
  3. Network isolation and access restriction
    • Block or restrict external access to Apriso web services at the perimeter and within the corporate network. Use deny‑by‑default firewall policies and allow only trusted management subnets.
    • Temporarily disable public or internet‑facing endpoints for Apriso if they cannot be patched immediately.
  4. Application‑level mitigations
    • Implement WAF rules to detect and block large, gzipped/base64 payloads sent to SOAP endpoints, or signatures that match the observed payload patterns.
    • Disable unnecessary web services and SOAP interfaces if operationally feasible.
    • Enforce strong input validation and remove unsafe deserialization code paths where possible.
  5. Detection and hunting
    • Search web server logs and reverse proxies for large POSTs to /apriso/WebServices/* or the WCF Invoke paths shown in public telemetry. Look for “Content‑Type: text/xml”, SOAPAction to Invoke, and unusually large request bodies that decode to XAML or serialized .NET objects. (isc.sans.edu)
    • Hunt for process creation anomalies on Apriso hosts (unexpected cmd.exe, powershell.exe, or write activity to suspicious locations).
    • Check EDR alerts and memory artifacts for known gadget chains or serialized payload markers.
  6. Incident response (if compromise suspected)
    • Isolate suspected hosts from the network.
    • Preserve forensic images and logs (web logs, application logs, Windows event logs, memory dumps).
    • Rotate credentials and secrets that might have been accessible to Apriso, especially service accounts used by the application.
  7. Long‑term remediation
    • Enforce stricter change management to accelerate critical security updates for OT‑adjacent systems.
    • Apply segmentation between IT and OT and implement application allow‑listing on critical hosts.
    • Conduct code audits for serialization use and replace insecure serializers (for example, move away from BinaryFormatter and adopt safe JSON/XML deserialization libraries with strict type controls).
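The serializer hardening in item 7 above, and the gadget-chain mechanics described under "What is insecure deserialization?", as an added example that is not code from this post, from Dassault Systèmes, or from Apriso. Python's `pickle` stands in here for a generic object serializer such as .NET's BinaryFormatter: the first loader resolves any class the byte stream names, the second enforces an allow-list (`RestrictedUnpickler`), and the third replaces the object serializer altogether with a schema-bound JSON envelope that only ever constructs explicitly registered types. `WorkOrder`, `TYPE_REGISTRY`, `typed_json_load` and `PROBE_BLOB` are hypothetical names; the probe stream only references `os.system` and executes nothing.

```python
import io
import json
import os
import pickle
from dataclasses import dataclass
from typing import Any, Callable, Dict

# ---------------------------------------------------------------------------
# Insecure pattern: a generic object serializer reconstructs whatever the
# byte stream names. PROBE_BLOB is a constructed probe that merely *references*
# os.system (loading it executes nothing); the point is that the loader
# resolves an arbitrary callable at all, which is what gadget chains build on.
# ---------------------------------------------------------------------------
PROBE_BLOB = pickle.dumps(os.system)
SAFE_BLOB = pickle.dumps(range(3))          # a harmless allow-listed object

def insecure_load(blob: bytes) -> Any:
    return pickle.loads(blob)               # no type control whatsoever

def insecure_resolves_foreign_global() -> bool:
    return insecure_load(PROBE_BLOB) is os.system

# ---------------------------------------------------------------------------
# Hardened pattern 1: same serializer, but find_class() only honours an
# explicit allow-list of (module, name) pairs. Everything else is rejected
# before any object is constructed.
# ---------------------------------------------------------------------------
ALLOWED_GLOBALS = {("builtins", "range")}   # extend only after review

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def restricted_load(blob: bytes) -> Any:
    return RestrictedUnpickler(io.BytesIO(blob)).load()

def restricted_rejects_foreign_global() -> bool:
    try:
        restricted_load(PROBE_BLOB)
    except pickle.UnpicklingError:
        return True
    return False

def restricted_round_trips_allowed() -> bool:
    return restricted_load(SAFE_BLOB) == range(3)

# ---------------------------------------------------------------------------
# Hardened pattern 2: drop the object serializer. Accept a JSON envelope
# {"type": ..., "data": ...}, look the type up in a closed registry, and let a
# per-type factory validate every field. Unknown types and wrong field types
# are rejected; nothing in the document can name a class or a callable.
# ---------------------------------------------------------------------------
@dataclass(frozen=True)
class WorkOrder:                            # hypothetical MES record type
    order_id: str
    quantity: int

def _build_work_order(data: Dict[str, Any]) -> WorkOrder:
    order_id, quantity = data["order_id"], data["quantity"]
    if not isinstance(order_id, str):
        raise ValueError("order_id must be a string")
    if isinstance(quantity, bool) or not isinstance(quantity, int) or quantity < 0:
        raise ValueError("quantity must be a non-negative integer")
    return WorkOrder(order_id, quantity)

TYPE_REGISTRY: Dict[str, Callable[[Dict[str, Any]], Any]] = {"WorkOrder": _build_work_order}
MAX_DOCUMENT_BYTES = 64 * 1024              # bound input size before parsing

def typed_json_load(text: str) -> Any:
    if len(text.encode("utf-8")) > MAX_DOCUMENT_BYTES:
        raise ValueError("document too large")
    doc = json.loads(text)
    if not isinstance(doc, dict) or set(doc) != {"type", "data"}:
        raise ValueError("envelope must be exactly {type, data}")
    factory = TYPE_REGISTRY.get(doc["type"])
    if factory is None or not isinstance(doc["data"], dict):
        raise ValueError(f"unknown or malformed type {doc['type']!r}")
    return factory(doc["data"])

def typed_json_rejects(text: str) -> bool:
    """True when the typed loader refuses the document (ValueError covers JSON errors)."""
    try:
        typed_json_load(text)
    except (ValueError, KeyError):
        return True
    return False

if __name__ == "__main__":
    print("insecure loader resolved os.system:", insecure_resolves_foreign_global())
    print("restricted loader rejected it:     ", restricted_rejects_foreign_global())
    print(typed_json_load('{"type": "WorkOrder", "data": {"order_id": "WO-1001", "quantity": 5}}'))
```

The allow-list approach keeps an existing serializer in place, which is the quickest fix for a legacy code path, but every entry added to `ALLOWED_GLOBALS` widens the gadget surface again; the registry-plus-factory approach is the end state the checklist describes, because the wire format can never name a type the application did not register.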

Detection specifics and practical hunting queries

  • Log indicators to search:
    • HTTP POST requests to /apriso/WebServices/FlexNetOperationsService.svc/Invoke with Content‑Type text/xml and unusually large payloads.
    • Requests containing base64 strings with gzip magic bytes in decoded stream (start bytes 1F 8B).
    • SOAPAction headers referencing tempuri.org IFlexNetOperationsService/Invoke.
    • Repeated scanning from the same source IPs or CIDR ranges; SANS observed one such origin in public telemetry (see SANS ISC write‑up). (isc.sans.edu)
  • Example EDR hunt queries:
    • Process creation events from Apriso service user where parent process is w3wp.exe (IIS worker process) launching cmd.exe or powershell.exe.
    • Windows Event Log: Application or System events with unexpected service stops/starts around Apriso service timeframe.
  • Network IDS/IPS signatures:
    • Look for gzipped, base64 payloads targeting SOAP endpoints; create a signature for large POSTs with encoded XAML-like substrings (e.g., “ResourceDictionary” or “x:FactoryMethod” after base64 decompression).
Note: developing bespoke signatures requires careful testing to avoid blocking legitimate traffic; test in a staging environment first.
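The log indicators listed above, turned into a runnable hunt over constructed full-request capture records (JSON lines). This is an added example, not code from this post or from SANS ISC: it flags POSTs to the Apriso `Invoke` path, the `text/xml` content type, the `IFlexNetOperationsService/Invoke` SOAPAction, oversized bodies, and base64 runs in the body that decode to the gzip magic bytes `1F 8B` and, after bounded decompression, contain the XAML markers the post names. The record field names, the `192.0.2.x`/`198.51.100.x` sources and the probe body are constructed; the probe body wraps a harmless XAML-looking stub, not a real payload.

```python
import base64
import binascii
import gzip
import json
import re
import zlib
from typing import Dict, List

# Path seen in public telemetry; the service name part is left generic.
INVOKE_PATH_RE = re.compile(r"^/apriso/WebServices/[^/?]+\.svc/Invoke$", re.IGNORECASE)
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")   # candidate base64 runs
XAML_MARKERS = ("ResourceDictionary", "x:FactoryMethod")
GZIP_MAGIC = b"\x1f\x8b"          # base64 of a gzip stream always starts "H4sI"
LARGE_BODY_BYTES = 8 * 1024       # assumed threshold; tune to your baseline
MAX_INFLATED = 1 << 20            # cap decompression so a bomb cannot stall the hunt

def inflate_gzip_runs(body: str) -> List[str]:
    """Return the inflated text of every base64 run in body that decodes to gzip."""
    texts = []
    for m in B64_RUN_RE.finditer(body):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except binascii.Error:
            continue                                  # not valid base64
        if not raw.startswith(GZIP_MAGIC):
            continue                                  # base64, but not gzip
        try:
            inflated = zlib.decompressobj(16 + zlib.MAX_WBITS).decompress(raw, MAX_INFLATED)
        except zlib.error:
            continue                                  # corrupt or truncated stream
        texts.append(inflated.decode("utf-8", "replace"))
    return texts

def analyze_record(rec: Dict) -> Dict:
    """Score one captured request against the indicators from the post."""
    reasons: List[str] = []
    body = rec.get("body", "")
    if rec.get("method") == "POST" and INVOKE_PATH_RE.match(rec.get("path", "")):
        reasons.append("post_to_apriso_invoke")
    if "text/xml" in rec.get("content_type", "").lower():
        reasons.append("content_type_text_xml")
    if "IFlexNetOperationsService/Invoke" in rec.get("soapaction", ""):
        reasons.append("soapaction_invoke")
    if len(body.encode("utf-8")) >= LARGE_BODY_BYTES:
        reasons.append("large_body")
    for text in inflate_gzip_runs(body):
        reasons.append("embedded_gzip")
        hits = [mk for mk in XAML_MARKERS if mk in text]
        if hits:
            reasons.append("xaml_markers:" + ",".join(hits))
    # A normal Invoke call is not suspicious by itself; the encoded/oversized body is.
    suspicious = "post_to_apriso_invoke" in reasons and any(
        r == "large_body" or r.startswith(("embedded_gzip", "xaml_markers")) for r in reasons)
    return {"ts": rec.get("ts"), "src": rec.get("src"), "suspicious": suspicious, "reasons": reasons}

def scan_log(lines: List[str]) -> List[Dict]:
    results = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                                  # skip unparsable records
        results.append(analyze_record(rec))
    return results

def _constructed_probe_body() -> str:
    # Constructed stand-in: a harmless XAML-looking stub, gzipped and base64-encoded
    # the way the observed requests wrap their payload. It contains only the marker.
    stub = (b'<ResourceDictionary xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" />'
            + b" " * 200)
    blob = base64.b64encode(gzip.compress(stub)).decode("ascii")
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            f'<Invoke xmlns="http://tempuri.org/"><request>{blob}</request></Invoke>'
            '</s:Body></s:Envelope>')

INVOKE_PATH = "/apriso/WebServices/FlexNetOperationsService.svc/Invoke"
SOAPACTION = '"http://tempuri.org/IFlexNetOperationsService/Invoke"'
SAMPLE_LOG = [   # constructed records: one encoded probe, one unrelated GET, one plain Invoke
    json.dumps({"ts": "2025-09-10T08:14:02Z", "src": "192.0.2.10", "method": "POST", "path": INVOKE_PATH,
                "content_type": "text/xml; charset=utf-8", "soapaction": SOAPACTION,
                "body": _constructed_probe_body()}),
    json.dumps({"ts": "2025-09-10T08:14:05Z", "src": "198.51.100.7", "method": "GET",
                "path": "/constructed/health", "content_type": "", "soapaction": "", "body": ""}),
    json.dumps({"ts": "2025-09-10T08:15:30Z", "src": "192.0.2.44", "method": "POST", "path": INVOKE_PATH,
                "content_type": "text/xml; charset=utf-8", "soapaction": SOAPACTION,
                "body": '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
                        '<Invoke xmlns="http://tempuri.org/"><request>ping</request></Invoke>'
                        '</s:Body></s:Envelope>'}),
]

if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        print(json.dumps(r))
```

Run the same logic over exported WAF or reverse-proxy captures rather than plain access logs, since the body-level checks need the request body; with access logs alone only the path, content-type and size indicators apply. The decompression cap is deliberate: an attacker-supplied gzip stream is the last thing a hunting script should inflate without a limit.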

Mitigations when patches are delayed

When immediate vendor patches cannot be applied because of production change windows, apply compensating controls:
  • Strictly isolate Apriso hosts on a management VLAN and block production traffic that’s unnecessary for operations.
  • Deploy an inline Web Application Firewall (WAF) with rules to block or challenge suspicious large SOAP bodies and patterns revealed by SANS telemetry. (isc.sans.edu)
  • Harden host OS: ensure up‑to‑date Windows updates, disable unnecessary services, remove developer tools, and use application allow‑listing for Apriso‑adjacent processes.
  • Use network segmentation and Zero Trust principles to reduce the blast radius if a host is compromised.

Broader implications: supply chain, OT risk, and the KEV process

Manufacturing as a high‑value target

MES systems like DELMIA Apriso bridge ERP systems and shop‑floor equipment. A successful exploit may not only enable data exfiltration but could disrupt production schedules, damage equipment (in extreme cases), or create safety hazards. Many manufacturers run mixed environments where patch windows are constrained by validation and regulatory needs, which increases real‑world risk.

KEV and BOD 22‑01: operationalizing threat intelligence

CISA’s KEV Catalog and BOD 22‑01 are designed to convert observed exploitation telemetry into operational mandates for federal agencies; their practices also produce strong, practical signals for private organizations to prioritize. KEV listings reduce the signal‑to‑noise problem in vulnerability triage by focusing attention on vulnerabilities that adversaries are already exploiting. That said, KEV listings are an indicator of active exploitation, not an exact map of every affected enterprise’s exposure; defenders must still perform careful inventories and risk assessments. (cisa.gov)

Risk to the Windows ecosystem

Although deserialization exploits target application logic, the resulting foothold is often on Windows servers (IIS/WCF environments) or Windows‑hosted middleware. Windows administrators should view MES vulnerabilities as part of the larger Windows attack surface and apply standard hardening, endpoint detection, and network isolation techniques across their estate.

Strengths and shortcomings of the current public response

Notable strengths

  • CISA’s KEV inclusion provides a clear, action‑oriented signal that the vulnerability is being actively exploited, which helps organizations prioritize scarce resources. (cisa.gov)
  • Vendor transparency: Dassault published an advisory and assigned a high severity, which is useful for administrators and security teams to plan remediation. (3ds.com)
  • Independent telemetry (SANS ISC, NVD references) corroborates the operational reality and gives defenders concrete indicators to hunt and block. (isc.sans.edu)

Potential weaknesses and risks

  • Vendor advisories for specialized enterprise software are sometimes terse and may not include full technical mitigations or patches for all supported configurations; customers must rely on vendor support channels for per‑deployment guidance. (3ds.com)
  • Many industrial deployments have long patch cycles; forced patching without proper validation can itself disrupt production. This creates a tension between rapid security patching and operational continuity.
  • Public telemetry indicates scanning and exploit attempts, but successful compromises and scope of real‑world impact are incompletely publicized, making it harder for third parties to assess their exposure comprehensively. Treat claims about the scale of exploitation as provisional until multiple sources confirm wider compromise. (isc.sans.edu)

Recommendations for WindowsForum readers and enterprise defenders

  • Treat CVE‑2025‑5086 as a top‑priority remediation item if you run DELMIA Apriso or have Apriso‑integrated services in your network. KEV additions indicate real‑world exploitation, not theoretical risk. (cisa.gov)
  • Maintain a clear, regularly updated asset inventory that includes MES/MOM systems and their network exposure. Knowing what’s reachable from untrusted networks is the first defense.
  • Use compensating WAF and network isolation controls if immediate patching is not possible. Test rules in a non‑production environment before rolling them out.
  • Hunt for the specific indicators described in SANS ISC write‑ups (SOAP Invoke patterns, gzipped/base64 XAML payloads, and suspicious POSTs to Apriso endpoints). (isc.sans.edu)
  • Coordinate with vendors and managed service providers to schedule validated patch windows that balance security and production stability.
  • For critical deployments, prepare incident response playbooks that include steps for isolating production hosts, preserving evidence, and communicating with regulatory and supply‑chain stakeholders.

Conclusion

The KEV listing of CVE‑2025‑5086 is a clarion call: a deserialization flaw in a widely used MES product is being actively probed and exploited in the wild, and the operational stakes include not only data compromise but potential disruption to manufacturing processes. CISA’s action, the vendor advisory, and independent telemetry together create a clear, evidence‑backed signal for defenders to act. (cisa.gov)
For Windows administrators and enterprise defenders, the practical path forward is direct: inventory affected assets, apply vendor patches where available, implement compensating controls (network isolation and WAF), and hunt for exploitation indicators. Where patches cannot be deployed immediately, isolation and rigorous monitoring become the primary stopgaps. The urgency created by KEV inclusion should not be overstated into panic, but it must be translated into disciplined, prioritized action to prevent escalation and reduce operational risk.
Note: public telemetry demonstrates exploit attempts and scanning consistent with active abuse, but definitive statements about the number of successful intrusions or specific actor attribution remain unverified in public sources; defenders should rely on internal forensics and vendor guidance when assessing compromise. (isc.sans.edu)

Source: CISA, “CISA Adds One Known Exploited Vulnerability to Catalog”