CVE-2025-0921
Published May 15, 2025
Last updated 25 days ago
AI description
CVE-2025-0921 describes an "Execution with Unnecessary Privileges" vulnerability found in multiple services of the Iconics Suite, a Supervisory Control and Data Acquisition (SCADA) system, and related Mitsubishi Electric products such as GENESIS64, MC Works64, and GENESIS version 11.00. This flaw allows a local authenticated attacker to perform unauthorized write operations to arbitrary files. By creating a symbolic link from a file used as a write destination by the affected services to a target file, an attacker can misuse privileged file system operations. This can lead to the corruption of critical system binaries, ultimately resulting in a denial-of-service (DoS) condition on the affected system.
- Description: Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS32 all versions, Mitsubishi Electric BizViz all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS versions 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric Iconics Digital Solutions BizViz all versions, and Mitsubishi Electric Iconics Digital Solutions GENESIS versions 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
- Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- NVD status: Deferred
CVSS 3.1
- Type: Secondary
- Base score: 6.5
- Impact score: 4
- Exploitability score: 2
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
- Severity: MEDIUM
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp: CWE-250
- Hype score: Not currently trending
Unit 42 identified CVE-2025-0921 in Iconics Suite, a supervisory control and data acquisition (SCADA) system. Successful exploitation may lead to a denial-of-service attack. Understand how privileged file system vulns are pertinent to an OT context: https://t.co/wa60k8X0Kt
@cu1993
5 Mar 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0921 was identified in Iconics Suite, a supervisory control and data acquisition (SCADA) system. Successful exploitation may lead to a denial-of-service attack. Learn more here: https://t.co/EJLB62QLNy https://t
@unit42_jp
19 Feb 2026
681 Impressions
3 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
🛡️ Weekly cyber events report – A high-privilege file system vulnerability affecting a SCADA system: Iconics Suite ⚠️ Category: Vulnerability 📝 Incident summary: يتناول هذا الت
@GMashari
3 Feb 2026
79 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
We identified CVE-2025-0921 in Iconics Suite, a supervisory control and data acquisition (SCADA) system. Successful exploitation may lead to a denial-of-service attack. Understand how privileged file system vulns are pertinent to an OT context: https://t.co/ckLutdHxGA https://t.c
@Unit42_Intel
2 Feb 2026
4200 Impressions
14 Retweets
33 Likes
13 Bookmarks
0 Replies
0 Quotes
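[Link roundup: security news/articles for January 30 to February 2] <Vulnerabilities> - Privileged file system vulnerability found in Mitsubishi Electric SCADA system (CVE-2025-0921) https://t.co/cAFqT2ltTx <Malware / other thre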
@MachinaRecord
2 Feb 2026
276 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0921 in Mitsubishi Electric Iconics Suite v10.97.2 and earlier. Privileged file system operations can trigger DoS. CVSS 6.5. Patch immediately or implement service privilege restrictions. Source: https://t.co/OiteTXiVgi
@marcgiammarco
1 Feb 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: A new SCADA vulnerability (CVE-2025-0921) could lead to DoS attacks in industrial systems. Ensure your systems are patched and secure. Link: https://t.co/kxD8GhpsNW #Vulnerability #Security #SCADA #Cyber #Patch #Industrial #DoS #Systems #Mitigation #Threat #Technology http
@dailytechonx
1 Feb 2026
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SCADA Flaw CVE-2025-0921 Hits Global Industrial Systems Critical SCADA vulnerability CVE-2025-0921 exposes global industrial systems ... #CyberSecurity https://t.co/VN8HkiXNgD
@ctrlaltnod
31 Jan 2026
87 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
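A vulnerability that could cause a service outage has been found in Iconics Suite, a SCADA product used in sectors such as automotive and energy. There is concern about its impact on the availability of industrial control systems. The vulnerability in question is CVE-2025-09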
@yousukezan
31 Jan 2026
1191 Impressions
1 Retweet
9 Likes
3 Bookmarks
0 Replies
1 Quote
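A medium-severity vulnerability (CVE-2025-0921) that could cause a denial of service (DoS) has been discovered in Iconics Suite, a SCADA system. This vulnerability, deployed across a wide range of sectors such as automotive, energy, and manufacturing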
@omomuki_tech
31 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unit 42 detailed CVE-2025-0921, a privileged file system flaw in the Iconics Suite SCADA system, which could cause a DoS attack. https://t.co/Z819WsjM6q
@Cyber_O51NT
31 Jan 2026
694 Impressions
4 Retweets
12 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 Privileged File System Vulnerability Present in a SCADA System • A vulnerability (CVE-2025-0921, CVSS 6.5) im
@PurpleOps_io
31 Jan 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent SCADA Alert! A new Privileged File System Vulnerability (CVE-2025-0921) in Iconics Suite could grant attackers full control over critical industrial systems. High severity, patch now! #SCADAsafety #CybersecurityAlert https://t.co/GyelFLjDhV
@xcybersecnews
31 Jan 2026
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Unit 42 Details CVE-2025-0921 in ICONICS/GENESIS64: Privileged File Ops Can Brick SCADA Hosts Unit 42 analyzed CVE-2025-0921 (CVSS 6.5) in Mitsubishi Electric ICONICS Suite/GENESIS64 where a privileged Pager Agent workflow can be abused to perform unsafe file-system
@ThreatSynop
31 Jan 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes