Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3495

Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.

Published

2025-04-16T03:15:17.530

Last Modified

2025-04-16T13:25:37.340

Status

Awaiting Analysis

Source

759f5e80-c8e1-4224-bead-956d7b33c98b

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-338

Affected Vendors & Products

References

https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00005_COMMGR%20-%20Insufficient%20Randomization%20Authentication%20Bypass_v1.pdf (759f5e80-c8e1-4224-bead-956d7b33c98b)
https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07 (759f5e80-c8e1-4224-bead-956d7b33c98b)