Incorrect Default Permissions in Mitsubishi Electric FREQSHIP-mini for Windows
CVE-2025-10314

8.8HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Freqship-mini For Windows
Vendor
CVE Published:
5 February 2026

What is CVE-2025-10314?

A vulnerability exists in Mitsubishi Electric's FREQSHIP-mini for Windows, where incorrect default permissions allow a local attacker to execute arbitrary code with system privileges. This can be accomplished by replacing executable files (EXE) or dynamic link libraries (DLLs) within the installation directory using specially crafted files. Consequently, an attacker could gain unauthorized access to sensitive information, modify or delete data, or trigger a Denial of Service (DoS) condition on the affected system.

Affected Version(s)

FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/jp/JVN64883963/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...
government-resource

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.