
CVE-2025-62581

Critical · Updated

Published: 16 January 2026

Modified: 04 June 2026
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0053 (40.4th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-62581 is a critical-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Deltaww Diaview. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 40.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SC-13 (Cryptographic Protection).

Deeper analysis

CVE-2025-62581 is one of multiple vulnerabilities in Delta Electronics DIAView software, associated with CWE-321 (Use of Hard-coded Cryptographic Key). Published on 2026-01-16, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network vector, low complexity, lack of required privileges or user interaction, and high impacts across confidentiality, integrity, and availability.

Unauthenticated remote attackers with network access to an affected DIAView instance can exploit CVE-2025-62581 without user interaction. Exploitation could enable high-impact outcomes, including unauthorized access to sensitive data, modification of system configurations or data, and denial of service, potentially leading to full compromise of the software.

Delta Electronics has published security advisory PCSA-2026-00001, accessible at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00001_DIAView%20Multiple%20Vulnerabilities%20(CVE-2025-62581,%20CVE-2025-62582).pdf, which addresses CVE-2025-62581 alongside CVE-2025-62582 and provides details relevant to mitigation for affected DIAView versions.

Vulnerability details

Delta Electronics DIAView has multiple vulnerabilities.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Hard-coded cryptographic key in network-accessible DIAView software directly enables unauthenticated remote exploitation of a public-facing application, leading to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-62582 (Same product: Deltaww Diaview)
CVE-2026-0975 (Same product: Deltaww Diaview)
CVE-2026-1951 (Same vendor: Deltaww)
CVE-2026-1952 (Same vendor: Deltaww)
CVE-2026-1950 (Same vendor: Deltaww)
CVE-2026-1949 (Same vendor: Deltaww)
CVE-2025-15103 (Same vendor: Deltaww)
CVE-2026-22586 (Shared CWE-321)
CVE-2026-26335 (Shared CWE-321)
CVE-2025-11899 (Shared CWE-321)

Affected Assets

deltaww diaview ≤ 4.4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mandates identification, reporting, and correction of the hard-coded cryptographic key flaw in DIAView via vendor patch to prevent exploitation.

prevent

Requires secure generation, distribution, storage, and management of cryptographic keys, directly preventing the use of hard-coded keys as in this CVE.

prevent

Enforces implementation of approved cryptographic mechanisms and prohibits insecure practices like hard-coded cryptographic keys exploited in DIAView.
