Hackers are going after the manufacturing system management tool, DELMIA Apriso, launching attacks on it.
In a recent announcement, software provider Dassault Systèmes revealed a critical security vulnerability (CVE-2025-5086) in their Manufacturing Operations Management (MOM) and Manufacturing Execution System (MES) software, DELMIA Apriso. This software is currently used extensively in the automotive industry and other manufacturing sectors worldwide.
The security vulnerability affects releases of DELMIA Apriso from 2020 to 2025, including the most recent ones. The exploit involves sending SOAP requests with malicious code to vulnerable instances of DELMIA Apriso. Attackers may not need authentication to launch attacks due to the critical nature of the security vulnerability.
The extent of these attacks is unknown, but our website security is now warning of attacks on DELMIA Apriso systems. A security researcher from the SANS Institute Internet Storm Center reported exploit attempts on DELMIA Apriso in early September.
The security vulnerability allows malicious code to infiltrate and damage computers, potentially causing devastating effects for companies that rely on DELMIA Apriso to control their global production processes. It's unclear if a security patch exists to address the ongoing attacks on DELMIA Apriso.
In response, Dassault Systèmes has issued a statement recommending actions to protect systems from ongoing attacks. Users can follow these recommendations or choose to manually delete the file to protect their systems. However, it's crucial to create a backup of the system and configuration before taking protective measures.
The exact actions attackers take after successful attacks remain unclear. The software provider emphasises the importance of maintaining vigilance and taking immediate action to secure systems. Users are advised to stay informed about the situation and to follow the guidance provided by Dassault Systèmes and other reliable sources.
Read also:
- Top 15 Pivotal Risks to Mobile Application's Security
- Revising the title: Redefining "Bring Your Own Device" Policies for a Secure and Flexible Workspace in the Hybrid Work Environment
- "Global VPN Day: Is it a shield for privacy or a gap needing sealing? Exploring the implications"
- Summoning Shamans, Spirits, and Love in the Play 'Head Over Heels'
