CVE-2025-3699
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-26

Last updated on: 2025-12-23

Assigner: Mitsubishi Electric Corporation

Description
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 all versions, G-50-W all versions, G-50A all versions, GB-50 all versions, GB-50A all versions, GB-24A all versions, G-150AD all versions, AG-150A-A all versions, AG-150A-J all versions, GB-50AD all versions, GB-50ADA-A all versions, GB-50ADA-J all versions, EB-50GU-A all versions, EB-50GU-J all versions, AE-200J all versions, AE-200A all versions, AE-200E all versions, AE-50J all versions, AE-50A all versions, AE-50E all versions, EW-50J all versions, EW-50A all versions, EW-50E all versions, TE-200A all versions, TE-50A all versions, TW-50A all versions, and CMS-RMD-J all versions allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-26
Last Modified
2025-12-23
Generated
2026-05-07
AI Q&A
2025-06-27
EPSS Evaluated
2026-05-05
NVD
CVE-2025-3699
EUVD
EUVD-2025-19244
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Missing Authentication for Critical Function issue in various Mitsubishi Electric Corporation air conditioning system versions. It allows a remote attacker to bypass authentication without any credentials, enabling them to illegally control the air conditioning systems or disclose sensitive information. Additionally, the attacker may tamper with the firmware of these systems using the obtained information.


How can this vulnerability impact me? :

The impact of this vulnerability includes unauthorized control over air conditioning systems, which could disrupt operations or cause physical damage. It also allows attackers to access sensitive information and potentially modify the firmware, leading to further compromise or persistent malicious control.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart