Detections
Analytics

CVE-2025-3755

critical

Description

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.

References

https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf

https://jvn.jp/vu/JVNVU94070048/

Details

Source: Mitre, NVD

Published: 2025-05-29

Updated: 2025-05-29

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: Critical

EPSS

EPSS: 0.0004