Improper Input Validation in Mitsubishi Electric MELSEC iQ-F Series CPU Module
CVE-2025-10259

5.3MEDIUM

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Melsec Iq-f Series Fx5u-32mt/es; Melsec Iq-f Series Fx5u-32mt/ds; Melsec Iq-f Series Fx5u-32mt/ess; Melsec Iq-f Series Fx5u-32mt/dss
Vendor: CVE Published:; 6 November 2025

🔔 Create Mitsubishi Electric Corporation Vulnerability Alert

What is CVE-2025-10259?

An improper validation vulnerability in the TCP communication function of the MELSEC iQ-F Series CPU module from Mitsubishi Electric allows remote attackers to disrupt operations by sending specially crafted TCP packets. This situation can lead to a denial-of-service (DoS) condition affecting only the targeted connection, thereby immobilizing the device without impacting other active connections.

Affected Version(s)

MELSEC iQ-F Series FX5S-30MR/DS All versions

MELSEC iQ-F Series FX5S-30MR/ES All versions

MELSEC iQ-F Series FX5S-30MR/ES-A All versions

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...

vendor-advisory

https://jvn.jp/vu/JVNVU92088475/

government-resource

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Sep 11, 2025

Credit

Qian Zou, Ke Xu, Xuewei Feng, Qi Li, Xueying Li, and Gang Jin from Zhongguancun Laboratory at Tsinghua University

JSON