CVE-2025-53416 - Vulnerability Details - OpenCVE

Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00355.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Fixes

Solution

DTN Soft itself does not need to be updated; however, if users have also installed DMT Soft, Delta Electronics recommends users update DTM Soft to DTM Soft v1.6.0.0 https://downloadcenter.deltaww.com/en-US/DownloadCenter (Released at 2025/3/25) or later.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.deltaww.com/en-US/Cybersecurity_Advisory

History

Tue, 15 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics		epss `{'score': 0.00285}`

Tue, 15 Jul 2025 03:30:00 +0000

Type	Values Removed	Values Added
Description	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution
Title		File Parsing Deserialization of Untrusted Data in DTN Soft
Weaknesses		CWE-502
References		https://www.deltaww.com/en-US/Cybersecurity_Advisory
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` epss `{}`

Mon, 30 Jun 2025 09:30:00 +0000

Type	Values Removed	Values Added
Description		This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

MITRE

Status: PUBLISHED

Assigner: Deltaww

Published: 2025-06-30T09:14:19.717Z

Updated: 2025-07-15T14:52:28.895Z

Reserved: 2025-06-30T08:06:53.587Z

Link: CVE-2025-53416

Vulnrichment

Updated: 2025-07-15T14:52:05.315Z

NVD

Status : Awaiting Analysis

Published: 2025-06-30T10:15:26.127

Modified: 2025-07-15T13:24:41.097

Link: CVE-2025-53416

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53416", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "state": "PUBLISHED", "assignerShortName": "Deltaww", "dateReserved": "2025-06-30T08:06:53.587Z", "datePublished": "2025-06-30T09:14:19.717Z", "dateUpdated": "2025-07-15T14:52:28.895Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "DTN Soft", "vendor": "Delta Electronics", "versions": [{"lessThanOrEqual": "v2.1.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-07-15T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution"}], "value": "Delta Electronics DTN Soft\u00a0Project File Parsing Deserialization of Untrusted Data Remote Code Execution"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2025-07-15T03:01:36.131Z"}, "references": [{"url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">DTN Soft itself does not need to be updated; however, if users have also installed DMT Soft, Delta Electronics recommends users \n\n<span style=\"background-color: rgb(255, 255, 255);\">update DTM Soft</span>\nto <a target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&q=dtm%20soft&sort_expr=cdate&sort_dir=DESC\">DTM Soft v1.6.0.0</a> (Released at 2025/3/25)</span><span style=\"background-color: rgb(255, 255, 255);\"> or later.</span>\n\n<br>"}], "value": "DTN Soft itself does not need to be updated; however, if users have also installed DMT Soft, Delta Electronics recommends users \n\nupdate DTM Soft\nto DTM Soft v1.6.0.0 https://downloadcenter.deltaww.com/en-US/DownloadCenter (Released at 2025/3/25)\u00a0or later."}], "source": {"discovery": "EXTERNAL"}, "title": "File Parsing Deserialization of Untrusted Data in DTN Soft", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-15T14:51:51.735838Z", "id": "CVE-2025-53416", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T14:52:28.895Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53416", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-15T14:51:51.735838Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-15T14:52:05.315Z"}}], "cna": {"title": "File Parsing Deserialization of Untrusted Data in DTN Soft", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Delta Electronics", "product": "DTN Soft", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v2.1.0"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "DTN Soft itself does not need to be updated; however, if users have also installed DMT Soft, Delta Electronics recommends users \n\nupdate DTM Soft\nto DTM Soft v1.6.0.0 https://downloadcenter.deltaww.com/en-US/DownloadCenter (Released at 2025/3/25)\u00a0or later.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">DTN Soft itself does not need to be updated; however, if users have also installed DMT Soft, Delta Electronics recommends users \n\n<span style=\"background-color: rgb(255, 255, 255);\">update DTM Soft</span>\nto <a target=\"_blank\" rel=\"nofollow\" href=\"https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&q=dtm%20soft&sort_expr=cdate&sort_dir=DESC\">DTM Soft v1.6.0.0</a> (Released at 2025/3/25)</span><span style=\"background-color: rgb(255, 255, 255);\"> or later.</span>\n\n<br>", "base64": false}]}], "datePublic": "2025-07-15T03:00:00.000Z", "references": [{"url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Delta Electronics DTN Soft\u00a0Project File Parsing Deserialization of Untrusted Data Remote Code Execution", "supportingMedia": [{"type": "text/html", "value": "Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2025-07-15T03:01:36.131Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53416", "state": "PUBLISHED", "dateUpdated": "2025-07-15T14:52:28.895Z", "dateReserved": "2025-06-30T08:06:53.587Z", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "datePublished": "2025-06-30T09:14:19.717Z", "assignerShortName": "Deltaww"}, "dataVersion": "5.1"}