Date Posted: 2025/09/17

[Vulnerability Alert] CISA Adds 1 Known Exploited Vulnerability to KEV Catalog (2025/09/08-2025/09/14)

  • Subject: [Vulnerability Alert] CISA Adds 1 Known Exploited Vulnerability to KEV Catalog (2025/09/08-2025/09/14)
  • Content:
    • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202509-00000008
    • [CVE-2025-5086] Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 9.0)
    • [Exploited by ransomware: Unknown] Dassault Systèmes' DELMIA Apriso has a deserialization of untrusted data vulnerability, which may lead to remote code execution.
    • [Affected Platforms] Please refer to the official list of affected versions
    • https://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086
  • Affected Platforms:
    • Details are in the Affected Platforms section of the Content Description
  • Recommended Action:
    • [CVE-2025-5086] Follow the vendor's instructions for mitigation, and adhere to applicable BOD 22-01 guidance to ensure the security of cloud services. If mitigation measures cannot be implemented, the product should be discontinued.

Computer and Communications Center
Network Systems Group