Session ID Vulnerability in Delta Electronics COMMGR Product
CVE-2025-3495

9.8CRITICAL

Key Information:

Vendor: Delta Electronics
Status: Commgr
Vendor: CVE Published:; 16 April 2025

Summary

Delta Electronics COMMGR versions 1 and 2 are susceptible to a vulnerability where session IDs are generated using values that are not sufficiently randomized. This flaw (CWE-338) enables attackers to easily perform a brute-force attack on the session IDs, potentially allowing them to authenticate as legitimate users and execute arbitrary code on the system.

Affected Version(s)

COMMGR Windows 0

References

https://filecenter.deltaww.com/news/download/doc/Delta-PC...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Apr 10, 2025