CVE-2025-3755: Information Disclosure and Denial-of-Service (DoS) Vulnerability in MELSEC iQ-F Series CPU module

9.1 CVSS

Description

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product must be reset to recover.

Classification

CVE ID: CVE-2025-3755

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Problem Types

CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input

Affected Products

Vendor: Mitsubishi Electric Corporation

Product: MELSEC iQ-F Series FX5U-32MT/ES, MELSEC iQ-F Series FX5U-32MT/DS, MELSEC iQ-F Series FX5U-32MT/ESS, MELSEC iQ-F Series FX5U-32MT/DSS, MELSEC iQ-F Series FX5U-32MR/ES, MELSEC iQ-F Series FX5U-32MR/DS, MELSEC iQ-F Series FX5U-64MT/ES, MELSEC iQ-F Series FX5U-64MT/DS, MELSEC iQ-F Series FX5U-64MT/ESS, MELSEC iQ-F Series FX5U-64MT/DSS, MELSEC iQ-F Series FX5U-64MR/ES, MELSEC iQ-F Series FX5U-64MR/DS, MELSEC iQ-F Series FX5U-80MT/ES, MELSEC iQ-F Series FX5U-80MT/DS, MELSEC iQ-F Series FX5U-80MT/ESS, MELSEC iQ-F Series FX5U-80MT/DSS, MELSEC iQ-F Series FX5U-80MR/ES, MELSEC iQ-F Series FX5U-80MR/DS, MELSEC iQ-F Series FX5UC-32MT/D, MELSEC iQ-F Series FX5UC-32MT/DSS, MELSEC iQ-F Series FX5UC-64MT/D, MELSEC iQ-F Series FX5UC-64MT/DSS, MELSEC iQ-F Series FX5UC-96MT/D, MELSEC iQ-F Series FX5UC-96MT/DSS, MELSEC iQ-F Series FX5UC-32MT/DS-TS, MELSEC iQ-F Series FX5UC-32MT/DSS-TS, MELSEC iQ-F Series FX5UC-32MR/DS-TS, MELSEC iQ-F Series FX5UJ-24MT/ES, MELSEC iQ-F Series FX5UJ-24MT/DS, MELSEC iQ-F Series FX5UJ-24MT/ESS, MELSEC iQ-F Series FX5UJ-24MT/DSS, MELSEC iQ-F Series FX5UJ-24MR/ES, MELSEC iQ-F Series FX5UJ-24MR/DS, MELSEC iQ-F Series FX5UJ-40MT/ES, MELSEC iQ-F Series FX5UJ-40MT/DS, MELSEC iQ-F Series FX5UJ-40MT/ESS, MELSEC iQ-F Series FX5UJ-40MT/DSS, MELSEC iQ-F Series FX5UJ-40MR/ES, MELSEC iQ-F Series FX5UJ-40MR/DS, MELSEC iQ-F Series FX5UJ-60MT/ES, MELSEC iQ-F Series FX5UJ-60MT/DS, MELSEC iQ-F Series FX5UJ-60MT/ESS, MELSEC iQ-F Series FX5UJ-60MT/DSS, MELSEC iQ-F Series FX5UJ-60MR/ES, MELSEC iQ-F Series FX5UJ-60MR/DS, MELSEC iQ-F Series FX5UJ-24MT/ES-A, MELSEC iQ-F Series FX5UJ-24MR/ES-A, MELSEC iQ-F Series FX5UJ-40MT/ES-A, MELSEC iQ-F Series FX5UJ-40MR/ES-A, MELSEC iQ-F Series FX5UJ-60MT/ES-A, MELSEC iQ-F Series FX5UJ-60MR/ES-A, MELSEC iQ-F Series FX5S-30MT/ES, MELSEC iQ-F Series FX5S-30MT/ESS, MELSEC iQ-F Series FX5S-30MR/ES, MELSEC iQ-F Series FX5S-40MT/ES, MELSEC iQ-F Series FX5S-40MT/ESS, MELSEC iQ-F Series FX5S-40MR/ES, MELSEC iQ-F Series FX5S-60MT/ES, MELSEC iQ-F Series FX5S-60MT/ESS, MELSEC iQ-F Series FX5S-60MR/ES, MELSEC iQ-F Series FX5S-80MT/ES, MELSEC iQ-F Series FX5S-80MT/ESS, MELSEC iQ-F Series FX5S-80MR/ES, MELSEC iQ-F Series FX5S-30MT/DS, MELSEC iQ-F Series FX5S-30MT/DSS, MELSEC iQ-F Series FX5S-30MR/DS, MELSEC iQ-F Series FX5S-40MT/DS, MELSEC iQ-F Series FX5S-40MT/DSS, MELSEC iQ-F Series FX5S-40MR/DS, MELSEC iQ-F Series FX5S-60MT/DS, MELSEC iQ-F Series FX5S-60MT/DSS, MELSEC iQ-F Series FX5S-60MR/DS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.95% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-21 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3755
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf
https://jvn.jp/vu/JVNVU94070048/

Timeline