Cleartext Storage of Sensitive Information Vulnerability in Mitsubishi Electric GT Designer3
CVE-2025-11009

5.1MEDIUM

Key Information:

Vendor: Mitsubishi Electric Corporation
Status: Gt Designer3 Version1 (got2000); Gt Designer3 Version1 (got1000)
Vendor: CVE Published:; 17 December 2025

🔔 Create Mitsubishi Electric Corporation Vulnerability Alert

What is CVE-2025-11009?

A vulnerability in Mitsubishi Electric's GT Designer3 versions for GOT2000 and GOT1000 series presents a risk of exposing sensitive plaintext credentials. This occurs due to improper storage practices in project files, allowing local unauthenticated attackers to retrieve these credentials. If exploited, this could enable unauthorized operations on the affected devices, potentially leading to severe security breaches.

Affected Version(s)

GT Designer3 Version1 (GOT1000) all versions

GT Designer3 Version1 (GOT2000) all versions

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...

vendor-advisory

https://jvn.jp/vu/JVNVU99629801/

government-resource

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Sep 26, 2025

CVE-2025-11009 Data

JSON