CVE-2025-10259 MEDIUM

CVE-2025-10259: Denial-of-Service(DoS) Vulnerability in TCP Communication Function on MELSEC iQ-F Series CPU module

Vendor Mitsubishi Electric Corporation
Product MELSEC iQ-F Series FX5U-32MT/ES
Weakness CWE-1284
Published November 6, 2025
Last update November 14, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.

Key dates

02Disclosure timeline

November 6, 2025 CVE published
November 14, 2025 Record updated