CVE-2025-10259

MEDIUM

Mitsubishi Electric MELSEC iQ-F - DoS

Title source: llm

Description

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.

References (3)

[Various Sources] https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-014_en.pdf

[Third Party Advisory] https://jvn.jp/vu/JVNVU92088475/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-01

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1284

Status published

Products (50)

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MR/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MR/ES All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MR/ES-A All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/DSS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/ES All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/ES-A All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/ESS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MR/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MR/ES All versions

... and 40 more

Published Nov 06, 2025

Tracked Since Feb 18, 2026