The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2025-5086, carries a CVSS score of 9.0 out of 10.0. According to Dassault, the issue impacts versions from Release 2020 through Release 2025.
“Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution,” the agency said in an advisory.
The addition of CVE-2025-5086 to the KEV catalog comes after the SANS Internet Storm Center reported seeing exploitation attempts targeting the flaw that originate from the IP address 156.244.33[.]162, which geolocates to Mexico.
The attacks involve sending an HTTP request to the “/apriso/WebServices/FlexNetOperationsService.svc/Invoke” endpoint with a Base64-encoded payload that decodes to a GZIP-compressed Windows executable (“fwitxz01.dll“), Johannes B. Ullrich, the dean of research at the SANS Technology Institute, said.
Kaspersky has flagged the DLL as “Trojan.MSIL.Zapchast.gen,” which the company describes as a malicious program designed to electronically spy on a user’s activities, including capturing keyboard input, taking screenshots, and gathering a list of active applications, among others.
“The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request),” the Russian cybersecurity vendor added.
Zapchast variants, according to Bitdefender and Trend Micro, have been distributed via phishing emails bearing malicious attachments for over a decade. It’s currently not clear if “Trojan.MSIL.Zapchast.gen” is an improved version of the same malware.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to apply the necessary updates by October 2, 2025, to secure their networks.
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
