Cyber Posture

CVE-2025-62581

Critical

Published: 16 January 2026

Modified: 20 January 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.7th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-62581 is a critical-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Deltaww Diaview. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 6.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SC-13 (Cryptographic Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly mandates identification, reporting, and correction of the hard-coded cryptographic key flaw in DIAView via vendor patch to prevent exploitation.

prevent: Requires secure generation, distribution, storage, and management of cryptographic keys, directly preventing the use of hard-coded keys as in this CVE.

prevent: Enforces implementation of approved cryptographic mechanisms and prohibits insecure practices like hard-coded cryptographic keys exploited in DIAView.

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Hard-coded cryptographic key in network-accessible DIAView software directly enables unauthenticated remote exploitation of a public-facing application, leading to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Delta Electronics DIAView has multiple vulnerabilities.

Deeper analysis · AI

CVE-2025-62581 is one of multiple vulnerabilities in Delta Electronics DIAView software, associated with CWE-321 (Use of Hard-coded Cryptographic Key). Published on 2026-01-16, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network vector, low complexity, lack of required privileges or user interaction, and high impacts across confidentiality, integrity, and availability.

Unauthenticated remote attackers with network access to an affected DIAView instance can exploit CVE-2025-62581 without user interaction. Exploitation could enable high-impact outcomes, including unauthorized access to sensitive data, modification of system configurations or data, and denial of service, potentially leading to full compromise of the software.

Delta Electronics has published security advisory PCSA-2026-00001, accessible at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00001_DIAView%20Multiple%20Vulnerabilities%20(CVE-2025-62581,%20CVE-2025-62582).pdf, which addresses CVE-2025-62581 alongside CVE-2025-62582 and provides details relevant to mitigation for affected DIAView versions.

Details

CWE(s): CWE-321 (Use of Hard-coded Cryptographic Key)

Affected Products

deltaww · diaview · ≤ 4.4.0

CVEs Like This One

CVE-2025-62582 · Same product: Deltaww Diaview
CVE-2026-0975 · Same product: Deltaww Diaview
CVE-2025-15016 · Shared CWE-321
CVE-2025-15103 · Same vendor: Deltaww
CVE-2026-22586 · Shared CWE-321
CVE-2025-11899 · Shared CWE-321
CVE-2025-57174 · Shared CWE-321
CVE-2026-3630 · Same vendor: Deltaww
CVE-2026-26335 · Shared CWE-321
CVE-2025-22881 · Same vendor: Deltaww
