CVE-2025-3755CRITICAL 9.1EPSS p48.1%

CVE-2025-3755CVE-2025-3755

Description

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS0.69% probability of exploitation · percentile 48.1% · 2026-06-19T12:03:05Z
Published2025-05-29
Last modified2026-04-15

Underlying weaknesses· 1

CWE-1285

References

  1. https://jvn.jp/vu/JVNVU94070048/
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-153-03
  3. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdf

1

TypeTargetConfidenceTier
WeaknessImproper Validation of Specified Index, Position, or Offset in Inputcwe-12850%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2022-24946
CVE
CVE-2025-11774
CVE
CVE-2025-3699
CVE
CVE-2025-3128
CVE
CVE-2025-4125
CVE
CVE-2025-4124
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.