CISA has added a critical deserialization vulnerability (CVE-2025-5086) in Dassault Systèmes DELMIA Apriso to its KEV catalog due to active exploitation. Attackers can achieve remote code execution by sending malicious XML payloads via SOAP requests, impacting versions 2020-2025. Federal agencies are mandated to patch by October 2, 2025, to address this high-severity flaw.
Latest mentioned: 09-12
Earliest mentioned: 09-12