The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security advisory warning about two serious vulnerabilities affecting Delta Electronics DIALink, a widely used industrial networking tool. If exploited, the flaws could allow attackers to bypass authentication and gain unauthorized access to critical systems.
According to the advisory, “Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication.” The affected product versions include DIALink V1.6.0.0 and prior.
Two separate path traversal flaws have been identified:
- CVE-2025-58320 – Improper limitation of a pathname to a restricted directory with a CVSS v3.1 base score of 7.3.
- CVE-2025-58321 – A more severe instance of the same weakness, rated critical with a CVSS v3.1 base score of 10.
Both vulnerabilities stem from improper directory path handling, which could allow attackers to manipulate file system access and bypass security controls.
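The weakness class both CVEs are filed under (improper limitation of a pathname to a restricted directory) is shown below as an added example, with an unchecked join beside a canonicalise-then-contain check. It is not DIALink code and not from the advisory, which gives no implementation details; the function names, directory layout and sample paths are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_resolve(base: Path, requested: str) -> Path:
    """Weak form: joins caller input to the base with no containment check."""
    return Path(os.path.normpath(os.path.join(base, requested)))


def safe_resolve(base: Path, requested: str) -> Path:
    """Canonicalise first, then require the result to stay under the base."""
    if "\x00" in requested:
        raise ValueError("NUL byte in path")
    root = base.resolve()
    # resolve() collapses ".." and follows symlinks. An absolute `requested`
    # replaces the base during the join and is rejected by the check below.
    candidate = (root / requested).resolve()
    # Compare path components; a string prefix test would accept a sibling
    # directory such as "<base>-backup".
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {requested!r}")
    return candidate


def check_requests(base: Path, requests: list) -> dict:
    """Map each requested name to True (allowed) or False (rejected)."""
    verdicts = {}
    for name in requests:
        try:
            safe_resolve(base, name)
            verdicts[name] = True
        except (PermissionError, ValueError):
            verdicts[name] = False
    return verdicts


def demo() -> dict:
    # Constructed directory layout and request names, not from the advisory.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "projects"
        (base / "line1").mkdir(parents=True)
        (Path(tmp) / "projects-backup").mkdir()
        samples = ["line1/config.xml", "../projects-backup/users.db",
                   "line1/../../secrets.ini", "/etc/passwd"]
        return check_requests(base, samples)


if __name__ == "__main__":
    print(demo())
```

Only the first sample stays inside the base directory; the sibling-directory case is the one a plain string prefix comparison would let through.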
While no known public exploitation has been reported yet, CISA stresses that the critical nature of the vulnerabilities demands urgent attention. Exploitation of authentication bypass flaws in industrial control systems could enable attackers to disrupt operations, steal sensitive data, or pivot deeper into enterprise networks.
CISA and Delta Electronics strongly recommend upgrading to DIALink v1.8.0.0 or later, available via the Delta Download Center.
In addition to patching, Delta has issued broader cybersecurity best practices to reduce the risk of exploitation:
- Don’t click on untrusted Internet links or open unsolicited attachments in emails.
- Avoid exposing control systems and equipment to the Internet.
- Place systems and devices behind a firewall and isolate them from the business network.
- When remote access is required, use a secure access method, such as a virtual private network (VPN).