The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2025-5086, carries a CVSS score of 9.0 out of 10.0. According to Dassault, the issue impacts versions from Release 2020 through Release 2025.
“Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution,” the agency said in an advisory.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The addition of CVE-2025-5086 to the KEV catalog comes after the SANS Internet Storm Center reported seeing exploitation attempts targeting the flaw that originate from the IP address 156.244.33[.]162, which geolocates to Mexico.
The attacks involve sending an HTTP request to the “/apriso/WebServices/FlexNetOperationsService.svc/Invoke” endpoint with a Base64-encoded payload that decodes to a GZIP-compressed Windows executable (“fwitxz01.dll”), Johannes B. Ullrich, the dean of research at the SANS Technology Institute, said.
Kaspersky has flagged the DLL as “Trojan.MSIL.Zapchast.gen,” which the company describes as a malicious program designed to electronically spy on a user’s activities, including capturing keyboard input, taking screenshots, and gathering a list of active applications, among others.
“The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request),” the Russian cybersecurity vendor added.
Zapchast variants, according to Bitdefender and Trend Micro, have been distributed via phishing emails bearing malicious attachments for over a decade. It’s currently not clear if “Trojan.MSIL.Zapchast.gen” is an improved version of the same malware.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary updates by October 2, 2025, to secure their networks.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage