CVE-2025-59299

Description

Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

Active

Confidentiality (Vulnerable System)

Low

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

Delta Electronics / DIAScreen0 – 1.6.1

References

MISChttps://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00018_DIAScreen%20File%20Parsing%20Out-Of-Bounds%20Write%20Vulnerability.pdf