CVE-2025-58320
published 2025-09-11

CVE-2025-58320: Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.

Priority: P2 · 62 · high · 7.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 13.07% (95.9th percentile)

Affected

2 ranges
Vendor | Product | Version range | Fixed in
delta_electronics | dialink | <= 1.6.0.0 |
deltaww | dialink | < 1.8.0.0 | 1.8.0.0

Detection & IOCs (extracted from sources)

  • Target product: Delta Electronics DIALink versions V1.6.0.0 and prior are vulnerable to path traversal authentication bypass (CVE-2025-58320)
  • Vulnerability class is Path Traversal (CWE-22) enabling authentication bypass — monitor HTTP requests to DIALink for directory traversal sequences (e.g., ../, %2e%2e%2f) in URL paths that reach authenticated endpoints
  • Attack is remotely exploitable with no authentication and low complexity — prioritize network-level detection and blocking of unauthenticated traversal attempts against DIALink services
  • No known public exploitation has been reported at time of advisory publication
  • Two separate CVEs (CVE-2025-58320 and CVE-2025-58321) cover path traversal auth bypass in DIALink; CVE-2025-58321 carries a critical CVSS v4 score of 10.0 with full confidentiality/integrity/availability impact — treat both as part of the same attack surface