PT-2025-16552 · Delta Electronics · Commgr

Published: 2025-04-15 · Updated: 2025-06-18 · CVE-2025-3495

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Delta Electronics COMMGR versions 1 through 2

Description

The issue is related to insufficiently randomized values used to generate session IDs, which could allow an attacker to brute force a session ID and potentially load and execute arbitrary code. This is due to the use of a cryptographically weak pseudo-random number generator (PRNG).

Recommendations

For versions 1 and 2, update the software to use a cryptographically secure pseudo-random number generator (PRNG) to generate session IDs. As a temporary workaround, consider implementing additional authentication measures to minimize the risk of exploitation.
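
The weakness class described above next to the recommended pattern, as an added Python example; it is not COMMGR code and does not reproduce how COMMGR derives its IDs. The function names, the 32-bit weak ID, the 128-bit hardened ID and the one-second clock seed are assumptions made for illustration.

```python
import math
import random
import secrets

ID_BYTES = 16  # assumed size for the hardened ID: 128 bits


def weak_session_id(seed: int) -> str:
    """Weakness class from the description (constructed illustration):
    a non-cryptographic PRNG, so the ID is a pure function of its seed."""
    return f"{random.Random(seed).getrandbits(32):08x}"


def strong_session_id() -> str:
    """Recommended pattern: take the ID straight from the OS CSPRNG."""
    return secrets.token_hex(ID_BYTES)


def effective_bits(id_bits: int, seed_candidates: int) -> float:
    """Upper bound on unpredictability: an ID cannot carry more entropy
    than the seed that produced it, however long the ID string is."""
    return min(float(id_bits), math.log2(seed_candidates))


def same_id(expected: str, presented: str) -> bool:
    """Compare IDs in constant time when validating a presented session."""
    return secrets.compare_digest(expected, presented)


if __name__ == "__main__":
    seed = 1_744_675_200  # constructed sample seed (a Unix timestamp)
    print("weak, repeatable:", weak_session_id(seed), weak_session_id(seed))
    # Assumed scenario: seed is a one-second clock reading within one day.
    print("weak bound (bits):", round(effective_bits(32, 86_400), 1))
    print("strong:", strong_session_id(), "bound (bits):", ID_BYTES * 8)
```
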

Related Identifiers

BDU:2025-09785
CVE-2025-3495
ZDI-25-397

Affected Products

Commgr