Particle.news

CISA Adds Actively Exploited DELMIA Apriso Flaw to KEV With Oct. 2 Fix Deadline

The deserialization bug enables remote code execution in versions 2020 through 2025 of the manufacturing software.

Overview

  • CISA listed CVE-2025-5086 (CVSS 9.0) after confirming in-the-wild exploitation under its Known Exploited Vulnerabilities program.
  • SANS Internet Storm Center recorded attacks from 156.244.33[.]162 targeting the /apriso/WebServices/FlexNetOperationsService.svc/Invoke endpoint with a Base64 payload that unpacked fwitxz01.dll.
  • Kaspersky classified the DLL as Trojan.MSIL.Zapchast.gen, a spyware family capable of keylogging, screenshots, and data exfiltration, with its exact variant still unconfirmed.
  • Federal civilian agencies must apply fixes by October 2, 2025, under BOD 22-01, and private operators are urged to patch and monitor for the observed indicators.
  • Hacktron AI is credited with reporting the issue in DELMIA Apriso, a Manufacturing Operations Management platform widely deployed in industrial environments.
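
For operators monitoring for the indicators above, the following Python example checks web server logs for the reported endpoint and source address. It is an added example, not code from CISA, SANS ISC, or the vendor; it assumes the server writes W3C extended logs with a `#Fields:` header, and the sample log is constructed.

```python
# Indicators as reported on this page (IP re-fanged for matching).
REPORTED_IP = "156.244.33.162"
ENDPOINT = "/apriso/webservices/flexnetoperationsservice.svc/invoke"

# Constructed sample in W3C extended log format (assumed); not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs-bytes
2025-09-03 10:01:12 10.0.0.15 GET /apriso/Portal/Default.aspx 200 412
2025-09-03 10:02:40 156.244.33.162 POST /apriso/WebServices/FlexNetOperationsService.svc/Invoke 200 48211
2025-09-03 10:05:03 10.0.0.22 POST /Apriso/WebServices/FlexNetOperationsService.svc/Invoke 200 903
2025-09-03 10:06:19 156.244.33.162 GET /favicon.ico 404 0
"""

def scan_w3c(lines):
    """Return findings for requests that hit the endpoint or come from the reported IP."""
    fields, findings = [], []
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared in the log itself
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, values))
        # Compare case-insensitively: the same path may be logged in mixed case.
        on_endpoint = row.get("cs-uri-stem", "").lower() == ENDPOINT
        from_ip = row.get("c-ip") == REPORTED_IP
        if on_endpoint and from_ip:
            severity = "high"      # both reported indicators together
        elif on_endpoint:
            severity = "review"    # may be legitimate client traffic
        elif from_ip:
            severity = "ip-only"   # reported source, different resource
        else:
            continue
        findings.append({"line": lineno, "severity": severity,
                         "c-ip": row.get("c-ip"), "method": row.get("cs-method"),
                         "uri": row.get("cs-uri-stem")})
    return findings

if __name__ == "__main__":
    for finding in scan_w3c(SAMPLE_LOG.splitlines()):
        print(finding)
```

Endpoint hits from internal addresses are marked for review rather than as confirmed abuse, since the service may also receive legitimate requests.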