Thu, August 28, 2025
Delta Electronics COMMGR: Remote Code Execution Risks
#Command Injection
#COMMGR
#Delta Electronics
#Disclosure
#Patch
#RCE
#Security Advisory
#Stack Overflow
⚠️ Delta Electronics has identified two critical vulnerabilities in COMMGR (v2.9.0 and earlier) — a stack-based buffer overflow (CVE-2025-53418) and a code injection flaw (CVE-2025-53419) — that can enable arbitrary code execution via crafted .isp files. Delta and CISA rate the combined risk as high (CISA lists CVSS v4 8.8) and recommend upgrading to v2.10.0 or later. Additional mitigations include network segmentation, limiting Internet exposure, and using secure remote access methods. CISA reports no known public exploitation at this time.