Protect Your Systems from Delta Electronics Security Flaw

September 02, 2025 • César Daniel Barreto

CVE-2025-57704 is a pretty serious XML external entity (XXE) vulnerability in Delta Electronics EIP Builder. It impacts versions 1.11 and earlier, has a base score of around 6.7, and lets attackers create harmful XML files. Once such a file is opened in the affected software, the attacker can access system files or network resources. It’s worth mentioning that these files need to be processed manually: the flaw is not remotely exploitable, and someone has to open the file.

Manufacturing infrastructure worldwide is at risk, as Delta’s software is deployed pretty broadly. The flaw lets the XML parser mishandle external entity references, a classic blunder that allows access to files like /etc/passwd through XML. No public exploits exist yet, but they might soon, so the risk persists. The immediate fix is to update to EIP Builder 1.12 or later (Delta has already patched it). You should also keep systems isolated from the internet and ensure proper network segmentation.
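A pre-open triage check for the file-borne XXE described above, added here as an example (it is not Delta's or the author's code): it uses Python's expat bindings to report external DTD and entity declarations in an XML file without fetching anything. The sample documents are constructed, and their element names are assumptions, since the page does not describe EIP Builder's file format.

```python
import xml.parsers.expat

# Constructed samples; element names are assumptions, not EIP Builder's real schema.
BENIGN = b'<?xml version="1.0"?><project><name>line-1</name></project>'
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE project [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<project><name>&xxe;</name></project>'
)
EXTERNAL_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE project SYSTEM "http://example.invalid/project.dtd">'
    b'<project><name>line-1</name></project>'
)


def find_external_references(xml_bytes):
    """Return (kind, name, target) tuples for external DTD/entity declarations.

    expat only reports the declarations here; with no ExternalEntityRefHandler
    installed it never fetches the referenced file or URL.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(("external-dtd", name, system_id or public_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # External entities have no literal value; system_id holds the target.
        if system_id is not None:
            kind = "external-parameter-entity" if is_param else "external-entity"
            findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        # Malformed input is also a reason not to open the file.
        findings.append(("parse-error", None, str(exc)))
    return findings


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("entity", EXTERNAL_ENTITY), ("dtd", EXTERNAL_DTD)]:
        print(label, find_external_references(doc) or "no external references")
```

Any non-empty result is a reason to quarantine the file rather than open it in an unpatched installation.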

Trend Micro’s Zero Day Initiative reported this, so props for handling it through proper channels. A bit of good news: it’s local-only and needs user interaction, so there’s limited urgency. Still, action shouldn’t be delayed long, and manufacturing teams should update fast! Industrial systems tend to remain unpatched forever, don’t they?

César Daniel Barreto

César Daniel Barreto is an esteemed cybersecurity writer and expert, known for his in-depth knowledge and ability to simplify complex cyber security topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analysis on the latest cybersecurity trends, educating both professionals and the public.