Malicious Code Execution Vulnerability in Mitsubishi Electric Lighting Control Application
CVE-2025-10089

7HIGH

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Milco.s Setting Application; Milco.s Setting Application (ir); Milco.s Easy Setting Application (ir); Milco.s Easy Switch Application (ir)
Vendor: CVE Published:; 18 November 2025

🔔 Create Mitsubishi Electric Corporation Vulnerability Alert

What is CVE-2025-10089?

A vulnerability exists in the MILCO.S Setting Application and related products that can allow a local attacker to execute malicious code. This issue arises when the installer loads a malicious DLL, posing a significant risk if the application is not securely installed. Notably, if the program is directly downloaded from Mitsubishi Electric's official website, and the application shows a valid digital signature from the vendor, it mitigates the risk. This vulnerability is active only during the installation phase and does not affect the application's execution post-installation.

Affected Version(s)

MILCO.S Easy Setting Application (IR) All versions

MILCO.S Easy Switch Application (IR) All versions

MILCO.S Setting Application All versions

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...

vendor-advisory

https://jvn.jp/vu/JVNVU97181602/

government-resource

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Sep 8, 2025

JSON