CVE-2025-3755

CRITICAL

Mitsubishi Electric Corporation MELSEC iQ-F Series - DoS

Title source: llm

Description

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.

References (3)

[Third Party Advisory] https://jvn.jp/vu/JVNVU94070048/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03

[Various Sources] https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf

Scores

CVSS v3 9.1

EPSS 0.0005

EPSS Percentile 16.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Classification

CWE

CWE-1285

Status draft

Timeline

Published May 29, 2025

Tracked Since Feb 18, 2026