CVE-2025-58321
Published: 2025-09-11
CVE-2025-58321: Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability.
Priority: P2 · 71 · critical · 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.22% (64.8th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | dialink | <= 1.6.0.0 | — |
| deltaww | dialink | < 1.8.0.0 | 1.8.0.0 |
Detection & IOCs (extracted from sources)
- Target product is Delta Electronics DIALink versions V1.6.0.0 and prior; detect exploitation attempts via path traversal patterns in HTTP requests targeting DIALink endpoints that result in authentication bypass
- CVE-2025-58321 is remotely exploitable with no authentication and no user interaction required (PR:N/UI:N); monitor for unauthenticated path traversal requests to DIALink services from external/untrusted network sources
- Scope is Changed (S:C) with High confidentiality, integrity, and availability impact; successful exploitation may result in full system compromise — correlate any unexpected process execution or file access anomalies on DIALink hosts with inbound path traversal traffic
- No known public exploitation has been reported at time of advisory publication; no specific exploit code, IOCs, or attack infrastructure have been publicly disclosed
- Affected versions are DIALink V1.6.0.0 and prior; patched version is V1.8.0.0 or later — version fingerprinting of DIALink deployments is necessary to scope detection efforts
GHSA
GHSA-9w85-hprg-c8rx: Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability
ghsa_unreviewed · 2025-09-11
CVE-2025-58321 [CRITICAL] CWE-22
CISA ICS
Delta Electronics DIALink
cisa_ics · 2025-09-16 · CVSS 7.3
[HIGH] Delta Electronics DIALink
ICS Advisory
## Delta Electronics DIALink
Release Date: September 16, 2025
Alert Code: ICSA-25-259-07
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: DIALink
- Vulnerabilities: Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Delta Electronics DIALink are affected:
- DIALink: Versions V1.6.0.0 and prior
## 3.2 VULNERABILITY OVERVIEW
## 3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAV
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-11