CVE-2025-3784 MEDIUM

CVE-2025-3784: Information Disclosure Vulnerability in GX Works2

Vendor Mitsubishi Electric Corporation
Product GX Works2
Weakness CWE-312 · Cleartext storage
Published November 27, 2025
Last update December 8, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.

Key dates

02Disclosure timeline

November 27, 2025 CVE published
December 8, 2025 Record updated