The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation.

The vulnerability, tracked as CVE-2025-5086 , carries a CVSS score of 9.0 out of 10.0. According to Dassault, the issue impacts versions from Release 2020 through Release 2025.

"Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution," the agency said in an advisory.

The addition of CVE-2025-5086 to the KEV catalog comes after the SANS Internet Storm Center reported seeing exploitation attempts targeting

See Full Page