CVE-2025-0921
Published May 15, 2025
Last updated 6 months ago
AI description
CVE-2025-0921 describes an "Execution with Unnecessary Privileges" vulnerability found in multiple services of the Iconics Suite, a Supervisory Control and Data Acquisition (SCADA) system, and related Mitsubishi Electric products such as GENESIS64, MC Works64, and GENESIS version 11.00. This flaw allows a local authenticated attacker to perform unauthorized write operations to arbitrary files. By creating a symbolic link from a file used as a write destination by the affected services to a target file, an attacker can misuse privileged file system operations. This can lead to the corruption of critical system binaries, ultimately resulting in a denial-of-service (DoS) condition on the affected system.
- Description: Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric MC Works64 all versions, and Mitsubishi Electric GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the services of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
- Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 6.5
- Impact score: 4
- Exploitability score: 2
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
- Severity: MEDIUM
- Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp: CWE-250
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
8
We identified CVE-2025-0921 in Iconics Suite, a supervisory control and data acquisition (SCADA) system. Successful exploitation may lead to a denial-of-service attack. Understand how privileged file system vulns are pertinent to an OT context: https://t.co/ckLutdHxGA https://t.c
@Unit42_Intel
2 Feb 2026
4200 Impressions
14 Retweets
33 Likes
13 Bookmarks
0 Replies
0 Quotes
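[Link roundup: security-related news/articles for January 30 to February 2] <Vulnerabilities> ・Privileged file system vulnerability found in Mitsubishi Electric's SCADA system (CVE-2025-0921) https://t.co/cAFqT2ltTx <Malware / other thr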
@MachinaRecord
2 Feb 2026
276 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0921 in Mitsubishi Electric Iconics Suite v10.97.2 and earlier. Privileged file system operations can trigger DoS. CVSS 6.5. Patch immediately or implement service privilege restrictions. Source: https://t.co/OiteTXiVgi
@marcgiammarco
1 Feb 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: A new SCADA vulnerability (CVE-2025-0921) could lead to DoS attacks in industrial systems. Ensure your systems are patched and secure. Link: https://t.co/kxD8GhpsNW #Vulnerability #Security #SCADA #Cyber #Patch #Industrial #DoS #Systems #Mitigation #Threat #Technology http
@dailytechonx
1 Feb 2026
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical SCADA Flaw CVE-2025-0921 Hits Global Industrial Systems Critical SCADA vulnerability CVE-2025-0921 exposes global industrial systems ... #CyberSecurity https://t.co/VN8HkiXNgD
@ctrlaltnod
31 Jan 2026
87 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
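A vulnerability that could cause a service outage has been found in Iconics Suite, a SCADA product used in the automotive, energy, and other sectors. There is concern about its impact on the availability of industrial control systems. The vulnerability in question is CVE-2025-09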
@yousukezan
31 Jan 2026
1191 Impressions
1 Retweet
9 Likes
3 Bookmarks
0 Replies
1 Quote
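A medium-severity vulnerability (CVE-2025-0921) that could cause a denial of service (DoS) has been discovered in Iconics Suite, a SCADA system. This vulnerability, deployed in a wide range of sectors such as automotive, energy, and manufacturing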
@omomuki_tech
31 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unit 42 detailed CVE-2025-0921, a privileged file system flaw in the Iconics Suite SCADA system, which could cause a DoS attack. https://t.co/Z819WsjM6q
@Cyber_O51NT
31 Jan 2026
694 Impressions
4 Retweets
12 Likes
1 Bookmark
1 Reply
0 Quotes
🚨 Privileged File System Vulnerability Present in a SCADA System • A vulnerability (CVE-2025-0921, CVSS 6.5) im
@PurpleOps_io
31 Jan 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Urgent SCADA Alert! A new Privileged File System Vulnerability (CVE-2025-0921) in Iconics Suite could grant attackers full control over critical industrial systems. High severity, patch now! #SCADAsafety #CybersecurityAlert https://t.co/GyelFLjDhV
@xcybersecnews
31 Jan 2026
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Unit 42 Details CVE-2025-0921 in ICONICS/GENESIS64: Privileged File Ops Can Brick SCADA Hosts Unit 42 analyzed CVE-2025-0921 (CVSS 6.5) in Mitsubishi Electric ICONICS Suite/GENESIS64 where a privileged Pager Agent workflow can be abused to perform unsafe file-system
@ThreatSynop
31 Jan 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes