CVE-2025-3755

CRITICAL

Mitsubishi Electric Corporation MELSEC iQ-F Series - DoS

Title source: llm

Description

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.

References (3)

[Various Sources] https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf

[Third Party Advisory] https://jvn.jp/vu/JVNVU94070048/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03

Scores

CVSS v3 9.1

EPSS 0.0011

EPSS Percentile 28.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-1285

Status published

Products (50)

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MR/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MR/ES All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/DSS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/ES All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-30MT/ESS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MR/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MR/ES All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MT/DS All versions

Mitsubishi Electric Corporation/MELSEC iQ-F Series FX5S-40MT/DSS All versions

... and 40 more

Published May 29, 2025

Tracked Since Feb 18, 2026