CVE-2025-15103 - Vulnerability Details - OpenCVE

DVP-12SE11T - Authentication Bypass via Partial Password Disclosure

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00074.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Upgrade firmware to v2.16 or later

Workaround

No workaround given by the vendor.

References

Link	Providers
https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf

History

Tue, 30 Dec 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 30 Dec 2025 09:00:00 +0000

Type	Values Removed	Values Added
Description		DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
Title		DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
Weaknesses		CWE-200
References		https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Deltaww

Published: 2025-12-30T08:55:49.441Z

Updated: 2025-12-30T15:57:07.318Z

Reserved: 2025-12-26T03:25:51.691Z

Link: CVE-2025-15103

Vulnrichment

Updated: 2025-12-30T15:55:59.839Z

NVD

Status : Received

Published: 2025-12-30T09:15:52.463

Modified: 2025-12-30T09:15:52.463

Link: CVE-2025-15103

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-200

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15103", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "state": "PUBLISHED", "assignerShortName": "Deltaww", "dateReserved": "2025-12-26T03:25:51.691Z", "datePublished": "2025-12-30T08:55:49.441Z", "dateUpdated": "2025-12-30T15:57:07.318Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DVP-12SE11T", "vendor": "Delta Electronics", "versions": [{"lessThan": "2.16", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"}], "datePublic": "2025-12-30T08:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure<br>"}], "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2025-12-30T08:55:49.441Z"}, "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade firmware to v2.16 or later"}], "value": "Upgrade firmware to v2.16 or later"}], "source": {"discovery": "EXTERNAL"}, "title": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-30T13:47:11.557973Z", "id": "CVE-2025-15103", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T15:57:07.318Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15103", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-30T13:47:11.557973Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T15:55:59.839Z"}}], "cna": {"title": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Nhan Nguyen, Hoa X. Nguyen, and Tue Lam of Unit 515 from OPSWAT"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Delta Electronics", "product": "DVP-12SE11T", "versions": [{"status": "affected", "version": "0", "lessThan": "2.16", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade firmware to v2.16 or later", "supportingMedia": [{"type": "text/html", "value": "Upgrade firmware to v2.16 or later", "base64": false}]}], "datePublic": "2025-12-30T08:30:00.000Z", "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure", "supportingMedia": [{"type": "text/html", "value": "DVP-12SE11T - Authentication Bypass via Partial Password Disclosure<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2025-12-30T08:55:49.441Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15103", "state": "PUBLISHED", "dateUpdated": "2025-12-30T15:57:07.318Z", "dateReserved": "2025-12-26T03:25:51.691Z", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "datePublished": "2025-12-30T08:55:49.441Z", "assignerShortName": "Deltaww"}, "dataVersion": "5.2"}