CVE-2025-8531
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-24
Assigner: Mitsubishi Electric Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mitsubishi | electric_melsec-q_series | Q06UDPVCPU |
| mitsubishi | electric_melsec-q_series | Q03UDVCPU |
| mitsubishi | electric_melsec-q_series | Q26UDPVCPU |
| mitsubishi | electric_melsec-q_series | Q13UDPVCPU |
| mitsubishi | electric_melsec-q_series | Q06UDVCPU |
| mitsubishi | electric_melsec-q_series | Q04UDPVCPU |
| mitsubishi | electric_melsec-q_series | 0 |
| mitsubishi | electric_melsec-q_series | Q04UDVCPU |
| mitsubishi | electric_melsec-q_series | Q13UDVCPU |
| mitsubishi | electric_melsec-q_series | Q26UDVCPU |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-130 | The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper handling of length parameter inconsistency in certain Mitsubishi Electric MELSEC-Q Series CPU models. A remote attacker can send specially crafted packets to cause an integer underflow, which stops Ethernet communication and halts the execution of control programs on the affected device when the user authentication function is enabled.
How can this vulnerability impact me? :
The vulnerability can cause denial of service by stopping Ethernet communication and halting control program execution on the affected Mitsubishi Electric devices, potentially disrupting industrial or automation processes relying on these devices.