CVE-2025-15103
Published: 30 December 2025
Description
DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
Mitigating Controls (NIST 800-53 r5)AI
IA-5 mandates secure management and protection of authenticators like passwords against unauthorized disclosure, directly preventing vulnerabilities involving partial password exposure.
IA-6 requires obscuring authentication feedback to avoid revealing partial authentication information, comprehensively mitigating authentication bypass via partial password disclosure.
AU-13 enables monitoring of system communications and error messages for unauthorized disclosure of sensitive information such as partial passwords, allowing early detection of exploitation attempts.
Security SummaryAI
CVE-2025-15103 is an authentication bypass vulnerability caused by partial password disclosure in the DVP-12SE11T device from Delta. Published on 2025-12-30, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
Remote unauthenticated attackers can exploit this vulnerability over the network, though it requires high attack complexity and no user interaction. Successful exploitation enables authentication bypass, resulting in high impacts to confidentiality, integrity, and availability of the affected device.
Delta's security advisory PCSA-2025-00022 addresses this vulnerability along with others in the DVP-12SE11T and is available at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00022_DVP-12SE11T%20Multiple%20Vulnerabilities.pdf.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote unauthenticated attackers to bypass authentication on a network-exposed industrial device via exploitation, directly mapping to T1190 (Exploit Public-Facing Application).