DELMIA Apriso Flaws Let Hackers Seize System Control
The Cybersecurity and Infrastructure Security Agency added two critical DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog on Oct. 29, warning that attackers are actively exploiting them. The vulnerabilities enable remote code execution and unauthorized privileged access, posing a severe threat to industrial and manufacturing systems using Dassault Systèmes’ DELMIA Apriso software.
CISA’s alert highlights vulnerabilities including CVE-2025-36386 and CVE-2025-11371, among others, all of which are confirmed to be under active exploitation. The DELMIA Apriso flaws let attackers compromise affected systems by executing arbitrary code or escalating their privileges without proper authorization.
The agency urged all federal agencies and private sector operators to apply available patches immediately. Organizations that use DELMIA Apriso should also review their systems for signs of compromise and enhance monitoring.
For full technical details and CISA’s official recommendations, read the complete report here: