CVE-2025-53416 Delta Electronics CVE debrief

Who should care

OT/ICS administrators, control engineers, and security teams responsible for Delta Electronics DTN Soft installations, especially systems that routinely open or exchange project files.

Technical summary

The CISA CSAF advisory for ICSA-25-210-03 identifies a deserialization of untrusted data vulnerability in Delta Electronics DTN Soft. The affected product scope in the supplied advisory is Delta Electronics DTN Soft: <=2.1.0. The described attack path uses a specially crafted project file, and successful exploitation could lead to arbitrary code execution. The supplied CVSS v3.1 vector indicates local access and user interaction are required.

Defensive priority

High — prioritize patching affected DTN Soft installations and any related engineering workstations that process project files.

Recommended defensive actions

• Update Delta Electronics DTN Soft to version 2.1.0 or later using Delta Electronics' Download Center.
• If Delta Electronics DTM Soft is also installed, update it to version 1.6.0.0 or later.
• Treat project files from untrusted or unknown sources as unsafe until affected systems are patched.
• Review Delta Electronics advisory Delta-PCSA-2025-00009 and follow CISA ICS recommended practices for industrial control systems.

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-25-210-03 (published 2025-07-29) and its remediation guidance. The advisory text states that Delta Electronics DTN Soft is affected by deserialization of untrusted data, that a specially crafted project file may enable arbitrary code execution, and that affected versions are <=2.1.0. The remediation section states DTN Soft should be updated to v2.1.0 or later; if DTM Soft is installed, it should be updated to v1.6.0.0 or later.

Official resources