Delta Electronics DIAView Multiple Vulnerabilities

CVE-2025-62581 – Hard-coded JWT Secret Key (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

DIAView uses a hardcoded secret key.

CVE-2025-62582 – Unauthenticated Remote Database Access (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

An unauthenticated remote attacker can access configured databases in a DIAView project.