The cybersecurity landscape has once again been shaken by urgent warnings from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This time, the focus is on critical vulnerabilities within Dassault Systèmes DELMIA Apriso, a widely used manufacturing operations management software. CISA has added two significant security flaws to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation by threat actors in real-world attacks. This alert, issued on October 28, 2025, mandates swift action from federal agencies and serves as a critical call to all organizations leveraging this software.

CISA’s Urgent Alert: DELMIA Apriso Under Attack

CISA’s latest directive highlights the severe risk posed by actively exploited vulnerabilities in Dassault Systèmes DELMIA Apriso. The inclusion of these flaws in the KEV catalog signifies that threat actors are successfully leveraging them to compromise systems, underscoring the immediate need for mitigation. While federal agencies are required to implement countermeasures by November 18, 2025, the underlying message is clear for all private sector entities: assess your DELMIA Apriso installations and act without delay.

Understanding the Dassault Systèmes DELMIA Apriso Vulnerabilities

While the specific CVE identifiers were not detailed in the source, CISA’s warning about “two critical vulnerabilities” suggests significant weaknesses in the DELMIA Apriso platform. Software like DELMIA Apriso, central to manufacturing operations, often processes sensitive data and controls critical industrial processes. Exploitation of such vulnerabilities could lead to:

• Data Breaches: Unauthorized access to proprietary manufacturing data, intellectual property, or customer information.
• Operational Disruption: Sabotage or manipulation of production lines, leading to significant financial losses and reputational damage.
• System Compromise: Remote code execution (RCE) or privilege escalation, allowing attackers to gain full control over affected systems.
• Supply Chain Attacks: Leveraging compromised DELMIA Apriso instances to pivot into other connected systems within the supply chain.

Organizations must treat vulnerabilities in operational technology (OT) and industrial control systems (ICS) with the highest priority, as their compromise can have severe real-world consequences beyond typical IT system breaches.

Remediation Actions and Mitigation Strategies

Given the active exploitation, immediate action is paramount for any organization using Dassault Systèmes DELMIA Apriso. Here’s a structured approach to mitigation:

• Patching and Updates: The most crucial step is to apply all available security patches and updates from Dassault Systèmes for DELMIA Apriso. Refer to Dassault Systèmes’ official security advisories and support channels for the latest information.
• Network Segmentation: Isolate DELMIA Apriso systems from the broader corporate network wherever possible. Implement robust network segmentation to restrict unauthorized access and contain potential breaches.
• Access Control Review: Conduct a thorough review of access controls for DELMIA Apriso. Ensure the principle of least privilege is strictly enforced, and multi-factor authentication (MFA) is enabled for all access points.
• Monitoring and Logging: Enhance monitoring capabilities for DELMIA Apriso environments. Look for unusual activity, unauthorized access attempts, or deviations from normal operational patterns. Implement comprehensive logging to aid in incident response.
• Incident Response Plan: Update and test your incident response plan specifically for OT/ICS environments. Ensure your team is prepared to detect, respond to, and recover from a DELMIA Apriso compromise.
• Vulnerability Scanning: Regularly scan your network and systems for known vulnerabilities, paying close attention to critical manufacturing systems.

Tools for Detection and Mitigation

Leveraging appropriate tools is essential for effectively identifying and addressing these types of vulnerabilities. Here’s a selection of categories and examples:

Tool Category	Description	Purpose
Vulnerability Scanners	Tenable Nessus, Qualys, Rapid7 InsightVM	Identifies known vulnerabilities in software and systems, including those in DELMIA Apriso if detectable via network scans or authenticated scans.
Intrusion Detection/Prevention Systems (IDS/IPS)	Snort, Suricata, commercial IDS/IPS platforms	Detects and/or prevents malicious network traffic patterns and exploit attempts targeting application vulnerabilities.
Security Information and Event Management (SIEM)	Splunk, IBM QRadar, Microsoft Azure Sentinel	Aggregates and analyzes security logs from various sources, including DELMIA Apriso servers, to detect anomalous activity and potential breaches.
Network Segmentation Solutions	Firewalls (e.g., Palo Alto Networks, Cisco ASA), Micro-segmentation tools	Enforces network policies to isolate critical systems like DELMIA Apriso from other network segments, limiting lateral movement.

Conclusion: Prioritizing DELMIA Apriso Security

CISA’s warning regarding Dassault Systèmes DELMIA Apriso vulnerabilities is a stark reminder of the persistent and evolving threat landscape. For organizations relying on this critical manufacturing software, the message is unambiguous: security hygiene, timely patching, and proactive monitoring are not optional. By implementing the recommended remediation actions and leveraging appropriate security tools, enterprises can significantly reduce their attack surface and protect their vital operational technology from active exploitation. Staying informed through official channels like CISA and Dassault Systèmes advisories is paramount to maintaining a resilient cybersecurity posture.