Details of VAR-202509-3613

ID

VAR-202509-3613

CVE

CVE-2025-58320

TITLE

Delta Electronics, INC. of DIALink Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-015154

DESCRIPTION

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability. Delta Electronics, INC. of DIALink Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to overwrite configuration files on affected installations of Delta Electronics DIALink. Authentication is not required to exploit this vulnerability.The specific flaw exists within the web service, which listens on TCP port 7631 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations

Trust: 2.79

sources: NVD: CVE-2025-58320 // JVNDB: JVNDB-2025-015154 // ZDI: ZDI-25-927 // CNVD: CNVD-2025-22947

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-22947

AFFECTED PRODUCTS

vendor:	delta	model:	dialink	scope:	-	version:	-	Trust: 1.5
vendor:	deltaww	model:	dialink	scope:	lt	version:	1.8.0.0	Trust: 1.0
vendor:	delta	model:	dialink	scope:	eq	version:	1.8.0.0	Trust: 0.8
vendor:	delta	model:	dialink	scope:	eq	version:	-	Trust: 0.8
vendor:	delta	model:	electronics dialink	scope:	lte	version:	<=1.6.0.0	Trust: 0.6

sources: ZDI: ZDI-25-927 // CNVD: CNVD-2025-22947 // JVNDB: JVNDB-2025-015154 // NVD: CVE-2025-58320

CVSS

SEVERITY

CVSSV2

CVSSV3

759f5e80-c8e1-4224-bead-956d7b33c98b:	CVE-2025-58320
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2025-58320
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-58320
value:	HIGH
Trust: 0.8
ZDI:	CVE-2025-58320
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2025-22947
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-22947
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

759f5e80-c8e1-4224-bead-956d7b33c98b:	CVE-2025-58320
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.1
Trust: 2.0
NVD:	CVE-2025-58320
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2025-58320
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	3.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-25-927 // CNVD: CNVD-2025-22947 // JVNDB: JVNDB-2025-015154 // NVD: CVE-2025-58320 // NVD: CVE-2025-58320

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-015154 // NVD: CVE-2025-58320

PATCH

title:	Delta Electronics has issued an update to correct this vulnerability.	url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-07	Trust: 0.7
title:	Patch for Delta Electronics DIALink Directory Traversal Vulnerability (CNVD-2025-22947)	url:	https://www.cnvd.org.cn/patchInfo/show/738706	Trust: 0.6

sources: ZDI: ZDI-25-927 // CNVD: CNVD-2025-22947

EXTERNAL IDS

db:	NVD	id:	CVE-2025-58320	Trust: 3.9
db:	ICS CERT	id:	ICSA-25-259-07	Trust: 0.8
db:	JVN	id:	JVNVU98116919	Trust: 0.8
db:	JVNDB	id:	JVNDB-2025-015154	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-26843	Trust: 0.7
db:	ZDI	id:	ZDI-25-927	Trust: 0.7
db:	CNVD	id:	CNVD-2025-22947	Trust: 0.6

sources: ZDI: ZDI-25-927 // CNVD: CNVD-2025-22947 // JVNDB: JVNDB-2025-015154 // NVD: CVE-2025-58320

REFERENCES

url:	https://filecenter.deltaww.com/news/download/doc/delta-pcsa-2025-00016_dialink%20-%20directory%20traversal%20authentication%20bypass%20vulnerability.pdf	Trust: 2.4
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-07	Trust: 1.5
url:	https://jvn.jp/vu/jvnvu98116919/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-58320	Trust: 0.8

sources: ZDI: ZDI-25-927 // CNVD: CNVD-2025-22947 // JVNDB: JVNDB-2025-015154 // NVD: CVE-2025-58320

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-25-927

SOURCES

db:	ZDI	id:	ZDI-25-927
db:	CNVD	id:	CNVD-2025-22947
db:	JVNDB	id:	JVNDB-2025-015154
db:	NVD	id:	CVE-2025-58320

LAST UPDATE DATE

2025-10-10T23:28:40.302000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-25-927	date:	2025-10-01T00:00:00
db:	CNVD	id:	CNVD-2025-22947	date:	2025-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-015154	date:	2025-10-06T08:44:00
db:	NVD	id:	CVE-2025-58320	date:	2025-09-26T14:43:41.973

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-25-927	date:	2025-10-01T00:00:00
db:	CNVD	id:	CNVD-2025-22947	date:	2025-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2025-015154	date:	2025-10-06T00:00:00
db:	NVD	id:	CVE-2025-58320	date:	2025-09-11T09:15:34.807