ID

VAR-202508-0405


CVE

CVE-2025-53417


TITLE

Delta Electronics DIAView Directory Traversal Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-25-832

DESCRIPTION

DIAView (v4.2.0 and prior) - Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Electronics DIAView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Delta Electronics DIAView is industrial configuration software from Delta Electronics, a Chinese company. This vulnerability stems from a lack of path validity checks when processing directory requests.

Trust: 2.7

sources: NVD: CVE-2025-53417 // ZDI: ZDI-25-832 // ZDI: ZDI-25-831 // CNVD: CNVD-2025-22958

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-22958

AFFECTED PRODUCTS

vendor: delta
model: diaview
scope: -
version: -

Trust: 1.4

vendor: delta
model: electronics diaview
scope: lte
version: <=4.2.0

Trust: 0.6

sources: ZDI: ZDI-25-832 // ZDI: ZDI-25-831 // CNVD: CNVD-2025-22958

CVSS

SEVERITY

CVSSV2

CVSSV3

759f5e80-c8e1-4224-bead-956d7b33c98b: CVE-2025-53417
value: CRITICAL

Trust: 1.0

ZDI: CVE-2025-53417
value: CRITICAL

Trust: 0.7

ZDI: CVE-2025-53417
value: HIGH

Trust: 0.7

CNVD: CNVD-2025-22958
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-22958
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ZDI: CVE-2025-53417
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 0.7

ZDI: CVE-2025-53417
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-25-832 // ZDI: ZDI-25-831 // CNVD: CNVD-2025-22958 // NVD: CVE-2025-53417

PROBLEMTYPE DATA

problemtype: CWE-35

Trust: 1.0

sources: NVD: CVE-2025-53417

PATCH

title: Delta Electronics has issued an update to correct this vulnerability.
url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-01

Trust: 0.7

title: Patch for Delta Electronics DIAView Directory Traversal Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/738761

Trust: 0.6

sources: ZDI: ZDI-25-831 // CNVD: CNVD-2025-22958

EXTERNAL IDS

db: NVD
id: CVE-2025-53417

Trust: 3.0

db: ZDI_CAN
id: ZDI-CAN-26478

Trust: 0.7

db: ZDI
id: ZDI-25-832

Trust: 0.7

db: ZDI_CAN
id: ZDI-CAN-26477

Trust: 0.7

db: ZDI
id: ZDI-25-831

Trust: 0.7

db: CNVD
id: CNVD-2025-22958

Trust: 0.6

sources: ZDI: ZDI-25-832 // ZDI: ZDI-25-831 // CNVD: CNVD-2025-22958 // NVD: CVE-2025-53417

REFERENCES

url: https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00010_diaview%20directory%20traversal%20information%20disclosure.pdf

Trust: 1.6

url: https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-01

Trust: 0.7

sources: ZDI: ZDI-25-831 // CNVD: CNVD-2025-22958 // NVD: CVE-2025-53417

CREDITS

hir0ot

Trust: 1.4

sources: ZDI: ZDI-25-832 // ZDI: ZDI-25-831

SOURCES

db: ZDI, id: ZDI-25-832
db: ZDI, id: ZDI-25-831
db: CNVD, id: CNVD-2025-22958
db: NVD, id: CVE-2025-53417

LAST UPDATE DATE

2025-09-30T23:43:31.448000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-25-832, date: 2025-08-13T00:00:00
db: ZDI, id: ZDI-25-831, date: 2025-08-13T00:00:00
db: CNVD, id: CNVD-2025-22958, date: 2025-09-29T00:00:00
db: NVD, id: CVE-2025-53417, date: 2025-08-05T14:34:17.327

SOURCES RELEASE DATE

db: ZDI, id: ZDI-25-832, date: 2025-08-13T00:00:00
db: ZDI, id: ZDI-25-831, date: 2025-08-13T00:00:00
db: CNVD, id: CNVD-2025-22958, date: 2025-09-29T00:00:00
db: NVD, id: CVE-2025-53417, date: 2025-08-05T03:15:26.500