Description
There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access)

An unauthenticated remote attacker can access configured databases in a DIAView project.
Published: 2026-05-26
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a patch bypass for the previously identified CVE‑2025‑62582, allowing an unauthenticated attacker to read data from any database configured within a Delta Electronics DIAView project. Users normally require administrative credentials to query these databases, but the incomplete fix permits direct access, exposing sensitive information. The weakness is a credential management flaw listed under CWE‑321.

Affected Systems

Delta Electronics’s DIAView platform is affected. No product version ranges are supplied in the advisory, so all installations of DIAView that might have applied the incomplete fix for CVE‑2025‑62582 should be reviewed. The lack of version details makes it unclear which releases are vulnerable, implying a broad potential impact.

Risk and Exploitability

The CVSS base score of 9.8 indicates a critical severity and a full remote exploitation path without authentication. Because the EPSS metric is unavailable, the likely exploitation probability cannot be quantified, but the critical severity and absence of mitigations suggest that the vulnerability could be actively exploited in a real‑world environment. The vulnerability is not listed in the CISA KEV catalogue, so no known active exploitation campaigns have been reported at the time of this analysis. Based on the description, it is inferred that attackers could target the endpoint that handles database connectivity, potentially sending crafted requests to bypass authentication.

Generated by OpenCVE AI on May 26, 2026 at 22:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Delta Electronics patch that addresses CVE‑2026‑9642 as soon as possible.
  • Update configuration to enforce authentication for all database queries, disabling the incomplete CVE‑2025‑62582 workaround.
  • If a patch cannot be deployed immediately, isolate the DIAView server behind a firewall and restrict inbound traffic to known administrative IP addresses, effectively blocking unauthenticated remote access.
  • Enable detailed logging on the database access layer and monitor for anomalous read activity; investigate any unauthorized access attempts promptly.

Advisories

No advisories yet.

History

Tue, 26 May 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Delta Electronics; Delta Electronics diaview |
| Vendors & Products | | Delta Electronics; Delta Electronics diaview |

Tue, 26 May 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Tue, 26 May 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can access configured databases in a DIAView project. |
| Title | | Delta Electronics DIAView Patch Bypass |
| Weaknesses | | CWE-321 |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: tenable

Published:

Updated: 2026-05-26T20:46:05.218Z

Reserved: 2026-05-26T18:53:00.748Z

Link: CVE-2026-9642

Vulnrichment

Updated: 2026-05-26T20:46:01.509Z

NVD

Status: Received

Published: 2026-05-26T21:16:45.827

Modified: 2026-05-26T21:16:45.827

Link: CVE-2026-9642

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T22:15:17Z

Weaknesses