
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw affecting Dassault Systèmes Delmia Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2025-5086, has a CVSS score of 9.0 out of 10.0. According to Dassault, the issue affects versions from Release 2020 through Release 2025.
“Dassault Systèmes Delmia Apriso includes deserialization of untrusted data vulnerabilities that could lead to remote code execution,” the advisory said.
The addition of CVE-2025-5086 to the KEV catalog comes after the SANS Internet Storm Center reported seeing an attempt to exploit the flaw originating from the IP address 156.244.33[.]162, which geolocates to Mexico.

The attacks involve sending an HTTP request to the “/apriso/webservices/flexnetoperationsservice.svc/invoke” endpoint.
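A defensive check for the endpoint and source IP reported above, added here as an example and not taken from CISA, SANS, or Dassault: it scans IIS W3C logs for requests to the endpoint and marks those from the reported address. The log field layout, the `find_invoke_requests` helper, and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Indicators taken from the article (IP re-fanged for matching).
ENDPOINT = "/apriso/webservices/flexnetoperationsservice.svc/invoke"
REPORTED_IP = "156.244.33.162"

def find_invoke_requests(lines):
    """Return findings for requests to the Invoke endpoint in IIS W3C log lines."""
    fields, findings = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column order is site-specific, so honour the header each time it appears.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated record
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive and may be percent-encoded.
        path = unquote(row.get("cs-uri-stem", "")).lower().rstrip("/")
        if path != ENDPOINT:
            continue
        findings.append({
            "time": f"{row.get('date', '?')} {row.get('time', '?')}",
            "client": row.get("c-ip", "?"),
            "method": row.get("cs-method", "?"),
            "status": row.get("sc-status", "?"),
            "reported_ip": row.get("c-ip") == REPORTED_IP,
        })
    return findings

# Constructed sample log (not real traffic); 10.0.0.5 stands in for an internal client.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2025-09-03 10:15:02 POST /Apriso/WebServices/FlexNetOperationsService.svc/Invoke 156.244.33.162 200
2025-09-03 10:16:40 GET /apriso/portal/default.aspx 10.0.0.5 200
2025-09-03 10:17:11 POST /apriso/webservices/FlexNetOperationsService.svc/invoke 10.0.0.5 200
""".splitlines()

if __name__ == "__main__":
    for f in find_invoke_requests(SAMPLE_LOG):
        tag = "REPORTED-IP" if f["reported_ip"] else "review"
        print(f"[{tag}] {f['time']} {f['method']} from {f['client']} -> {f['status']}")
```

Requests from other clients are listed for review rather than treated as malicious, since the same web service endpoint may also receive legitimate traffic.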
Kaspersky flags the DLL as “Trojan.MSIL.Zapchast.gen.” The company describes it as a malicious program designed to electronically spy on user activity, including capturing keyboard input, taking screenshots, and collecting lists of active applications.
“The information collected will be sent to the cybercriminal by a variety of means, including email, FTP and HTTP (by sending data in a request),” the Russian cybersecurity vendor added.
According to Bitdefender and Trend Micro, Zapchast variants have been distributed via phishing emails with malicious attachments for over a decade. Currently, it is not clear whether “Trojan.MSIL.Zapchast.gen” is an improved version of the same malware.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are encouraged to secure their networks by applying the necessary updates by October 2, 2025.