ID

VAR-202508-0405


CVE

CVE-2025-53417


TITLE

Delta Electronics DIAView Directory Traversal Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-25-832

DESCRIPTION

DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics DIAView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account.

Trust: 2.16

sources: NVD: CVE-2025-53417 // ZDI: ZDI-25-832 // ZDI: ZDI-25-831

AFFECTED PRODUCTS

vendor: delta, model: diaview, scope: -, version: -

Trust: 1.4

sources: ZDI: ZDI-25-832 // ZDI: ZDI-25-831

CVSS

SEVERITY

CVSSV2

CVSSV3

759f5e80-c8e1-4224-bead-956d7b33c98b: CVE-2025-53417
value: CRITICAL

Trust: 1.0

ZDI: CVE-2025-53417
value: CRITICAL

Trust: 0.7

ZDI: CVE-2025-53417
value: HIGH

Trust: 0.7

ZDI: CVE-2025-53417
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

ZDI: CVE-2025-53417
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-832 // ZDI: ZDI-25-831 // NVD: CVE-2025-53417

PROBLEMTYPE DATA

problemtype:CWE-35

Trust: 1.0

sources: NVD: CVE-2025-53417

PATCH

title: Delta Electronics has issued an update to correct this vulnerability.
url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-01

Trust: 0.7

sources: ZDI: ZDI-25-831

EXTERNAL IDS

db: NVD, id: CVE-2025-53417

Trust: 2.4

db: ZDI_CAN, id: ZDI-CAN-26478

Trust: 0.7

db: ZDI, id: ZDI-25-832

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-26477

Trust: 0.7

db: ZDI, id: ZDI-25-831

Trust: 0.7

sources: ZDI: ZDI-25-832 // ZDI: ZDI-25-831 // NVD: CVE-2025-53417

REFERENCES

url: https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00010_diaview%20directory%20traversal%20information%20disclosure.pdf

Trust: 1.0

url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-01

Trust: 0.7

sources: ZDI: ZDI-25-831 // NVD: CVE-2025-53417

CREDITS

hir0ot

Trust: 1.4

sources: ZDI: ZDI-25-832 // ZDI: ZDI-25-831

SOURCES

db: ZDI, id: ZDI-25-832
db: ZDI, id: ZDI-25-831
db: NVD, id: CVE-2025-53417

LAST UPDATE DATE

2025-08-15T23:19:25.483000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-25-832, date: 2025-08-13T00:00:00
db: ZDI, id: ZDI-25-831, date: 2025-08-13T00:00:00
db: NVD, id: CVE-2025-53417, date: 2025-08-05T14:34:17.327

SOURCES RELEASE DATE

db: ZDI, id: ZDI-25-832, date: 2025-08-13T00:00:00
db: ZDI, id: ZDI-25-831, date: 2025-08-13T00:00:00
db: NVD, id: CVE-2025-53417, date: 2025-08-05T03:15:26.500