CVE-2025-59297 - Vulnerability Details - OpenCVE

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Delta Electronics	Diascreen

No data.

No data.

References

Link	Providers
https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf

History

Fri, 03 Oct 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 03 Oct 2025 08:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Delta Electronics Delta Electronics diascreen
Vendors & Products		Delta Electronics Delta Electronics diascreen

Fri, 03 Oct 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Title		File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen
Weaknesses		CWE-787
References		https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf
Metrics		cvssV4_0 `{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Deltaww

Published: 2025-10-03T02:21:47.522Z

Updated: 2025-10-03T15:50:47.255Z

Reserved: 2025-09-12T01:31:46.228Z

Link: CVE-2025-59297

Vulnrichment

Updated: 2025-10-03T15:50:41.576Z

NVD

Status : Received

Published: 2025-10-03T03:15:34.787

Modified: 2025-10-03T03:15:34.787

Link: CVE-2025-59297

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-59297", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "state": "PUBLISHED", "assignerShortName": "Deltaww", "dateReserved": "2025-09-12T01:31:46.228Z", "datePublished": "2025-10-03T02:21:47.522Z", "dateUpdated": "2025-10-03T15:50:47.255Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "DIAScreen", "vendor": "Delta Electronics", "versions": [{"lessThan": "1.6.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Natnael Samson working with Trend Micro Zero Day Initiative"}, {"lang": "en", "type": "coordinator", "value": "Kevin Harwood of CISA"}], "datePublic": "2025-10-03T01:55:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Delta Electronics DIAScreen<span style=\"background-color: rgb(255, 255, 255);\"> lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.</span>"}], "value": "Delta Electronics DIAScreen\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-Of-Bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2025-10-03T02:21:47.522Z"}, "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Download and update to DIAScreen v1.6.1 or later<br>"}], "value": "Download and update to DIAScreen v1.6.1 or later"}], "source": {"discovery": "EXTERNAL"}, "title": "File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-03T15:50:32.449514Z", "id": "CVE-2025-59297", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T15:50:47.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-59297", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-03T15:50:32.449514Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T15:50:41.576Z"}}], "cna": {"title": "File Parsing Out-Of-Bounds Write Vulnerability in DIAScreen", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Natnael Samson working with Trend Micro Zero Day Initiative"}, {"lang": "en", "type": "coordinator", "value": "Kevin Harwood of CISA"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Delta Electronics", "product": "DIAScreen", "versions": [{"status": "affected", "version": "0", "lessThan": "1.6.1", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Download and update to DIAScreen v1.6.1 or later", "supportingMedia": [{"type": "text/html", "value": "Download and update to DIAScreen v1.6.1 or later<br>", "base64": false}]}], "datePublic": "2025-10-03T01:55:00.000Z", "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Delta Electronics DIAScreen\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.", "supportingMedia": [{"type": "text/html", "value": "Delta Electronics DIAScreen<span style=\"background-color: rgb(255, 255, 255);\"> lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-Of-Bounds Write"}]}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2025-10-03T02:21:47.522Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59297", "state": "PUBLISHED", "dateUpdated": "2025-10-03T15:50:47.255Z", "dateReserved": "2025-09-12T01:31:46.228Z", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "datePublished": "2025-10-03T02:21:47.522Z", "assignerShortName": "Deltaww"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Delta Electronics DIAScreen\u00a0lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process."}], "id": "CVE-2025-59297", "lastModified": "2025-10-03T03:15:34.787", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary"}]}, "published": "2025-10-03T03:15:34.787", "references": [{"source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf"}], "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary"}]}