CVE-2025-15080
Unknown Unknown - Not Provided
Improper Input Validation in Mitsubishi MELSEC iQ-R Enables DoS, Data Access

Publication date: 2026-02-05

Last updated on: 2026-02-06

Assigner: Mitsubishi Electric Corporation

Description
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15080
EUVD
EUVD-2025-206873
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
mitsubishi_electric melsec_iq-r_series r08pcpu
mitsubishi_electric melsec_iq-r_series r16pcpu
mitsubishi_electric melsec_iq-r_series r32pcpu
mitsubishi_electric melsec_iq-r_series to 49 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15080 is a vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU devices caused by improper validation of specified quantity in input. This flaw allows an unauthenticated attacker to send specially crafted packets containing specific commands to the affected devices.

Due to this improper input validation, the attacker can read device data or parts of control programs, write device data, or cause a denial of service (DoS) condition on the affected product.

Impact Analysis

This vulnerability can have several serious impacts including:

  • Unauthorized reading of device data or parts of control programs, potentially exposing sensitive information.
  • Unauthorized writing or tampering with device data, which can affect the integrity of the system.
  • Denial of Service (DoS) conditions that disrupt the normal operation and availability of the affected devices.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU devices, immediately update the firmware to version "49" or later.'}, {'type': 'paragraph', 'content': 'Additional recommended mitigations include:'}, {'type': 'list_item', 'content': 'Use firewalls or VPNs to restrict unauthorized network access.'}, {'type': 'list_item', 'content': 'Operate the affected products within a trusted LAN environment and block untrusted network access.'}, {'type': 'list_item', 'content': "Employ IP filters as described in the MELSEC iQ-R Ethernet User's Manual."}, {'type': 'list_item', 'content': 'Restrict physical access to the devices and connected LANs.'}, {'type': 'paragraph', 'content': 'For further assistance, contact your local Mitsubishi Electric representative.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15080. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart