CVE-2025-3755

Published May 29, 2025

Last updated 2 months ago

CVSS critical 9.1

Overview

Description
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.
Source
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Severity
CRITICAL

Weaknesses

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
CWE-1285

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-3755 βš οΈπŸ”΄ CRITICAL (9.1) 🏒 Mitsubishi Electric Corporation - MELSEC iQ-F Series FX5U-32MT/ES πŸ—οΈ All versions πŸ”— https://t.co/Z39ogXxkgm πŸ”— https://t.co/kJ2U9F1Oc5 #CyberCron #VulnAlert #InfoSec https://t.co/sTSJSmU1WA

    @cybercronai

    30 May 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-3755 Unauthenticated Packet Manipulation Vulnerability in Mitsubishi MELSEC iQ-F Series CPUs https://t.co/cOxwDbgPq1

    @VulmonFeeds

    29 May 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-3755 Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote una… https://t.co/pOMDv5rD8X

    @CVEnew

    29 May 2025

    573 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-3755: CRITICAL] Critical vulnerability in Mitsubishi Electric's MELSEC iQ-F Series CPU modules allows remote attackers to read data, trigger DoS conditions, or halt operations. Reset needed for recov...#cve,CVE-2025-3755,#cybersecurity https://t.co/ibtUmELtIe https://t.

    @CveFindCom

    29 May 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.