CVE-2025-58320
published 2025-09-11
CVE-2025-58320: Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.
Priority: P2 62 | high | 7.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 13.07% (95.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | dialink | <= 1.6.0.0 | — |
| deltaww | dialink | < 1.8.0.0 | 1.8.0.0 |
Detection & IOCs (extracted from sources)
- Target product: Delta Electronics DIALink versions V1.6.0.0 and prior are vulnerable to path traversal authentication bypass (CVE-2025-58320)
- Vulnerability class is Path Traversal (CWE-22) enabling authentication bypass: monitor HTTP requests to DIALink for directory traversal sequences (e.g., ../, %2e%2e%2f) in URL paths that reach authenticated endpoints
- Attack is remotely exploitable with no authentication and low complexity: prioritize network-level detection and blocking of unauthenticated traversal attempts against DIALink services
- No known public exploitation has been reported at time of advisory publication
- Two separate CVEs (CVE-2025-58320 and CVE-2025-58321) cover path traversal auth bypass in DIALink; CVE-2025-58321 carries a critical CVSS v4 score of 10.0 with full confidentiality/integrity/availability impact, so treat both as part of the same attack surface
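
One way to implement the request monitoring described in the list above, as an added example (not code from the advisory, the vendor or this page's sources): it flags access-log entries whose URL path contains a `..` segment after repeated percent-decoding. The combined log format, the sample lines and their paths are constructed assumptions and do not represent real DIALink endpoints.

```python
import re
from urllib.parse import unquote

# Assumption: the web tier in front of the service writes combined-format access logs.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
MAX_DECODE_ROUNDS = 3  # also catches double encoding such as %252e%252e%252f

def normalize(target: str) -> str:
    """Drop the query string, percent-decode until stable, unify separators."""
    path = target.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def has_traversal(target: str) -> bool:
    """True only when a whole path segment is '..' (so 'app..min.js' is not flagged)."""
    return ".." in normalize(target).split("/")

def scan(lines):
    """Return (source, raw request target, status) for every traversal hit."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and has_traversal(m["target"]):
            hits.append((m["src"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Sep/2025:10:00:02 +0000] "GET /public/../protected/page HTTP/1.1" 200 2048',
    '198.51.100.7 - - [16/Sep/2025:10:00:03 +0000] "GET /public/%2e%2e%2fprotected/page HTTP/1.1" 200 2048',
    '198.51.100.8 - - [16/Sep/2025:10:00:04 +0000] "GET /public/%252e%252e%255cprotected HTTP/1.1" 404 0',
    '192.0.2.11 - - [16/Sep/2025:10:00:05 +0000] "GET /static/app..min.js?v=../1 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for src, target, status in scan(SAMPLE_LOG):
        print(f"traversal sequence from {src}: {target} -> HTTP {status}")
```

The returned status code helps triage: a traversal request that received a success response deserves review before one that was rejected.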
GHSA
GHSA-359w-9vj6-rhm6: Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability
ghsa_unreviewed·2025-09-11
CVE-2025-58320 [HIGH] CWE-22 GHSA-359w-9vj6-rhm6: Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability
Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.
CISA ICS
Delta Electronics DIALink
cisa_ics·2025-09-16·CVSS 7.3
[HIGH] Delta Electronics DIALink
ICS Advisory
## Delta Electronics DIALink
Release Date: September 16, 2025
Alert Code: ICSA-25-259-07
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIALink
- Vulnerabilities: Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Delta Electronics DIALink are affected:
- DIALink: Versions V1.6.0.0 and prior
## 3.2 VULNERABILITY OVERVIEW
## 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAV
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-11
Published