[Vulnerability Alert] CISA Adds 1 Known Exploited Vulnerability to KEV Catalog (2025/09/08-2025/09/14)

• Subject: [Vulnerability Alert] CISA Adds 1 Known Exploited Vulnerability to KEV Catalog (2025/09/08-2025/09/14)

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000008
  • [CVE-2025-5086] Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.0)
  • [Exploited by ransomware: Unknown] Dassault Systèmes' DELMIA Apriso has a deserialization of untrusted data vulnerability, which may lead to remote code execution.
  • [Affected Platforms] Please refer to the official list of affected versions
  • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086
• Affected Platforms:
  • Details are in the Affected Platforms section of the Content Description
• Recommended Action:
  • [CVE-2025-5086] Follow the vendor's instructions for mitigation, and adhere to applicable BOD 22-01 guidance to ensure the security of cloud services. If mitigation measures cannot be implemented, the product should be discontinued.

Computer and Communications Center
Network Systems Group