CVE-2025-15080
Unknown Unknown - Not Provided

Improper Input Validation in Mitsubishi MELSEC iQ-R Enables DoS, Data Access

Vulnerability report for CVE-2025-15080, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-05

Last updated on: 2026-02-06

Assigner: Mitsubishi Electric Corporation

Description

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-05
Last Modified
2026-02-06
Generated
2026-07-06
AI Q&A
2026-02-05
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
mitsubishi_electric melsec_iq-r_series r08pcpu
mitsubishi_electric melsec_iq-r_series r16pcpu
mitsubishi_electric melsec_iq-r_series r32pcpu
mitsubishi_electric melsec_iq-r_series to 49 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-15080 is a vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU devices caused by improper validation of specified quantity in input. This flaw allows an unauthenticated attacker to send specially crafted packets containing specific commands to the affected devices.

Due to this improper input validation, the attacker can read device data or parts of control programs, write device data, or cause a denial of service (DoS) condition on the affected product.

Impact Analysis

This vulnerability can have several serious impacts including:

  • Unauthorized reading of device data or parts of control programs, potentially exposing sensitive information.
  • Unauthorized writing or tampering with device data, which can affect the integrity of the system.
  • Denial of Service (DoS) conditions that disrupt the normal operation and availability of the affected devices.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU devices, immediately update the firmware to version "49" or later.'}, {'type': 'paragraph', 'content': 'Additional recommended mitigations include:'}, {'type': 'list_item', 'content': 'Use firewalls or VPNs to restrict unauthorized network access.'}, {'type': 'list_item', 'content': 'Operate the affected products within a trusted LAN environment and block untrusted network access.'}, {'type': 'list_item', 'content': "Employ IP filters as described in the MELSEC iQ-R Ethernet User's Manual."}, {'type': 'list_item', 'content': 'Restrict physical access to the devices and connected LANs.'}, {'type': 'paragraph', 'content': 'For further assistance, contact your local Mitsubishi Electric representative.'}] [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15080. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart