Malicious Code Execution Vulnerability in Mitsubishi Electric Lighting Control Application
CVE-2025-10089

7.7HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Milco.s Setting Application
Milco.s Setting Application (ir)
Milco.s Easy Setting Application (ir)
Milco.s Easy Switch Application (ir)
Vendor
CVE Published:
18 November 2025

What is CVE-2025-10089?

A vulnerability exists in the MILCO.S Setting Application and related products that can allow a local attacker to execute malicious code. This issue arises when the installer loads a malicious DLL, posing a significant risk if the application is not securely installed. Notably, if the program is directly downloaded from Mitsubishi Electric's official website, and the application shows a valid digital signature from the vendor, it mitigates the risk. This vulnerability is active only during the installation phase and does not affect the application's execution post-installation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MILCO.S Easy Setting Application (IR) All versions

MILCO.S Easy Switch Application (IR) All versions

MILCO.S Setting Application All versions

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/vu/JVNVU97181602/
government-resource

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.