How severe is CVE-2025-3495?

CVE-2025-3495 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-3495

9.8CRITICAL

Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.

Publicado: 4/16/2025Actualizado: 4/16/2025

Descripción

Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.

Análisis IAImpulsado por IA

Referencias

https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00005_COMMGR%20-%20Insufficient%20Randomization%20Authentication%20Bypass_v1.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-07