CVE-2025-11009

MEDIUM

Mitsubishi Electric GT Designer3 - Info Disclosure

Title source: llm

Description

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Designer3. This could allow the attacker to operate illegally GOT2000 series or GOT1000 series by using the obtained credentials.

References (2)

[Various Sources] https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-017_en.pdf

[Third Party Advisory] https://jvn.jp/vu/JVNVU99629801/

Scores

CVSS v3 5.1

EPSS 0.0001

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (2)

Mitsubishi Electric Corporation/GT Designer3 Version1 (GOT1000) all versions

Mitsubishi Electric Corporation/GT Designer3 Version1 (GOT2000) all versions

Published Dec 17, 2025

Tracked Since Feb 18, 2026