Execution with Unnecessary Privileges Vulnerability in Mitsubishi Electric GENESIS64 and MC Works64
CVE-2025-0921

6.5MEDIUM

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Genesis64
Mc Works64
Vendor
CVE Published:
15 May 2025

What is CVE-2025-0921?

An execution with unnecessary privileges vulnerability exists in the Pager agent of the multi-agent notification feature of Mitsubishi Electric's GENESIS64 and MC Works64 products. This flaw allows a local authenticated attacker to perform unauthorized file writes through symbolic links, targeting critical files used by system services. If exploited, this could lead to file corruption and a denial-of-service condition on the affected PC, jeopardizing operations.

Affected Version(s)

GENESIS64 all versions

GENESIS64 prior to version 10.97.3

MC Works64 all versions

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU93838985
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...
government-resource

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.