CRITICAL🇵🇱 Wersja polska

CVE-2025-58321

CVSS 10.0v3.1pub. 2025-09-11upd. 2025-09-26

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-22 (path traversal) allows an attacker to craft a network request containing directory path navigation sequences (e.g., '../') that enable access to resources outside the allowed application area. As a result, the authentication mechanism is bypassed — the attacker gains unauthorized access without providing correct login credentials. The attack vector is network-based, requires no privileges or user interaction, and the scope of impact extends beyond the application itself (Scope: Changed).

Impact

Successful exploitation of this vulnerability allows an attacker to completely compromise the confidentiality, integrity, and availability of the system — they can read, modify, or destroy data and disrupt service without any prior authentication.

Mitigation & patch

Apply patches available from the vendor according to the references — Delta Electronics security bulletin available at the address indicated in the references (Delta-PCSA-2025-00016). Until the patch is deployed, it is recommended to restrict network access to the DIALink system only to trusted hosts and isolate the system behind a firewall.

Who is affected

Delta Electronics DIALink — versions indicated in the vendor references (bulletin Delta-PCSA-2025-00016)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Deltaww Dialink

    APP
    Deltaww
    < 1.8.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path TraversalAuth Bypass
CWE
References

Related vulnerabilities

CVE-2022-2660CRITICAL9.8ten sam produkt

Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded crypt...

CVE-2025-58320HIGH7.3ten sam produkt

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

CVE-2022-2969HIGH8.1ten sam produkt

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pa...

CVE-2021-38422HIGH7.8ten sam produkt

Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allo...

CVE-2021-38418HIGH8.8ten sam produkt

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to b...