CVE-2025-3755 CRITICAL

CVE-2025-3755: Information Disclosure and Denial-of-Service (DoS) Vulnerability in MELSEC iQ-F Series CPU module

Vendor Mitsubishi Electric Corporation
Product MELSEC iQ-F Series FX5U-32MT/ES
Weakness CWE-1285
Published May 29, 2025
Last update August 27, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01 Description

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in the MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product must be reset for recovery.

Key dates

02 Disclosure timeline

May 29, 2025 CVE published
August 27, 2025 Record updated