CVE-2025-5241
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-11

Last updated on: 2025-07-15

Assigner: Mitsubishi Electric Corporation

Description
Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly attempting to login with incorrect passwords. The legitimate users will be unable to login until a certain period has passed after the lockout or until the product is reset.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-11
Last Modified
2025-07-15
Generated
2026-05-07
AI Q&A
2025-07-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-5241
EUVD
EUVD-2025-21089
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mitsubishi electric_melsec_iq-f_series *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-645 The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Overly Restrictive Account Lockout Mechanism in Mitsubishi Electric Corporation MELSEC iQ-F Series. It allows a remote unauthenticated attacker to repeatedly attempt to login with incorrect passwords, causing legitimate users to be locked out for a certain period or until the product is reset.


How can this vulnerability impact me? :

The vulnerability can impact you by preventing legitimate users from logging into the system for a certain period or until the product is reset, potentially causing denial of service or disruption of normal operations.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart