CVE-2025-7376
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-06

Last updated on: 2026-04-09

Assigner: Mitsubishi Electric Corporation

Description
Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric IoTWorX version 10.95, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions AnalytiX versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions IoTWorX version 10.95, and Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-06
Last Modified
2026-04-09
Generated
2026-05-07
AI Q&A
2025-08-06
EPSS Evaluated
2026-05-05
NVD
CVE-2025-7376
EUVD
EUVD-2025-23786
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
mitsubishi electric mc_works64
mitsubishi electric genesis64
mitsubishi electric genesis
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-64 The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves Windows Shortcut Following (.LNK) in multiple Mitsubishi Electric Iconics Digital Solutions products. A local authenticated attacker can create a symbolic link from a file used as a write destination by the affected processes to an arbitrary target file. This allows the attacker to write unauthorized data to that target file.


How can this vulnerability impact me? :

The vulnerability can allow an attacker to destroy files on a PC with the affected products installed. If the destroyed file is necessary for the operation of the PC, this can result in a denial-of-service (DoS) condition, disrupting normal operations.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart