CVE-2025-10259
BaseFortify
Publication date: 2025-11-06
Last updated on: 2025-11-14
Assigner: Mitsubishi Electric Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mitsubishi | electric_melsec_iq-f_series_cpu | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service (DoS) issue in the TCP communication function of Mitsubishi Electric's MELSEC iQ-F Series CPU modules. It occurs due to improper validation of specified quantity in input, allowing a remote attacker to send specially crafted TCP packets that disconnect an active TCP connection. The DoS impact is limited to the attacked TCP connection only, and other connections remain unaffected. Recovery requires re-establishing the disconnected TCP connection. [1, 2]
How can this vulnerability impact me? :
The vulnerability can cause a denial-of-service condition by disconnecting an active TCP connection remotely. This means that an attacker can disrupt communication with the affected MELSEC iQ-F Series CPU module by targeting its TCP connection, causing temporary unavailability of that connection. However, other concurrent connections are not affected, and normal operation can resume once the TCP connection is re-established. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unexpected TCP connection disconnections to Mitsubishi Electric MELSEC iQ-F Series CPU modules. Since the attack involves specially crafted TCP packets causing disconnections, network administrators should look for abnormal TCP resets or connection drops targeting these devices. Specific detection commands are not provided in the resources. However, general network monitoring tools like tcpdump or Wireshark can be used to capture and analyze TCP traffic to these devices for unusual patterns or resets. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting physical access to the affected MELSEC iQ-F Series CPU modules and their connected LANs to reduce the risk of exploitation. Additionally, if Internet access to these devices is necessary, use a Virtual Private Network (VPN) to encrypt communications and protect against remote attacks. Since no patch or fixed firmware is planned, these mitigation and avoidance measures are recommended to minimize exposure. [2]