
CISA Alerts on Delta Electronics Flaws Enabling Auth Bypass

Severity

High

Analysis Summary

CISA has issued a warning regarding two critical path traversal vulnerabilities in Delta Electronics’ DIALink industrial control system software, impacting versions V1.6.0.0 and earlier. These flaws, rated up to high severity under CVSS v4, can be exploited remotely with low attack complexity to bypass authentication, potentially granting adversaries unauthorized access to sensitive operational technology (OT) environments. Such weaknesses pose a direct risk to manufacturing operations by exposing critical files and system logic to tampering or exfiltration.

The first flaw, CVE-2025-58320, allows attackers to send specially crafted API or HTTP requests that traverse outside of the intended application directory. It is rated high under both CVSS v3.1 and v4, and successful exploitation enables unauthenticated adversaries to read or modify configuration files, including credential stores or control logic scripts. While this vulnerability alone does not directly permit code execution, the exposure of sensitive files can serve as a stepping stone to more advanced attacks and persistent compromises.

In contrast, CVE-2025-58321 presents a far more severe threat. Also rated high under both CVSS v3.1 and v4, this vulnerability enables both read and write access to arbitrary filesystem locations, bypassing authentication entirely. Exploitation allows attackers to upload malicious files or scripts, granting them full control over file creation, modification, and execution with the privileges of the DIALink service. This level of access dramatically heightens the risk of code execution, ransomware deployment, operational disruption, and the establishment of persistent backdoors in industrial environments.

The flaws were reported by an anonymous researcher, and Delta Electronics has released DIALink v1.8.0.0 to address them. Organizations are urged to upgrade immediately, segment OT networks behind firewalls, and avoid direct Internet exposure of ICS systems. Additional safeguards include using VPNs or secure gateways for remote access, enforcing strict separation between IT and OT networks, and auditing file system permissions. CISA further recommends conducting thorough risk assessments before patch deployment and reporting suspicious activity to strengthen collective defense efforts across the industrial sector.

Impact

  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-58320

  • CVE-2025-58321

Affected Vendors

Delta Electronics

Remediation

  • Upgrade immediately to DIALink v1.8.0.0 or later from the Delta Download Center.
  • Segment OT networks behind firewalls and avoid exposing ICS/OT systems directly to the Internet.
  • Use VPNs or secure gateways for all remote access to industrial environments.
  • Enforce strict separation between business IT networks and OT networks to minimize lateral movement risks.
  • Audit file system permissions and restrict directory access controls to limit exploitation opportunities.
  • Perform thorough risk assessments and impact analysis before deploying patches in production environments.
  • Monitor and log suspicious activity, and promptly report findings to CISA or trusted threat intelligence channels.
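
As an added example for the monitoring step above (not code from this advisory, CISA or Delta Electronics): a Python scan of web access logs that percent-decodes each request path and query value until stable, normalises backslashes, and flags requests that climb above their starting directory. The Common Log Format layout, the sample lines and the request paths are constructed assumptions, not DIALink's actual endpoints.

```python
import re
from urllib.parse import parse_qsl, unquote

# Common Log Format prefix: client, identity, user, [time], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Constructed sample lines; the paths are illustrative, not DIALink's real endpoints.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Sep/2025:10:01:05 +0000] "GET /reports/../index.html HTTP/1.1" 200',
    '198.51.100.7 - - [22/Sep/2025:10:02:11 +0000] "GET /files/..%2f..%2fsettings.xml HTTP/1.1" 200',
    '198.51.100.7 - - [22/Sep/2025:10:02:13 +0000] "POST /upload?name=%252e%252e%255cnotes.txt HTTP/1.1" 201',
    '198.51.100.7 - - [22/Sep/2025:10:02:15 +0000] "GET /export?file=logs/2025/../today.csv HTTP/1.1" 200',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def escapes_root(value):
    """True if value, read as a path, climbs above the directory it starts in."""
    depth = 0
    for part in fully_decode(value).replace("\\", "/").split("/"):
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        elif part not in ("", "."):
            depth += 1
    return False

def scan(lines):
    """Return (client, target, status) for requests whose path or a query value escapes."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _method, target, status = m.groups()
        path, _, query = target.partition("?")
        values = [path] + [v for _, v in parse_qsl(query, keep_blank_values=True)]
        if any(escapes_root(v) for v in values):
            hits.append((client, target, int(status)))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Flagged requests that received a 2xx status are the ones to triage first, since the server accepted them rather than rejecting the path.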