Cleartext Storage Vulnerability in Mitsubishi Electric Products
CVE-2025-14815

9.3CRITICAL

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Genesis64
Iconics Suite
Mobilehmi
Hyper Historian
Vendor
CVE Published:
8 April 2026

What is CVE-2025-14815?

A vulnerability in various Mitsubishi Electric products allows local attackers to exploit the local caching feature when SQL authentication is used. This enables unauthorized access to SQL Server credentials stored in plaintext within a local SQLite file. If successfully exploited, attackers could potentially gain access to the SQL Server, leading to data disclosure, tampering, or destruction, and may also cause denial-of-service conditions.

Affected Version(s)

AnalytiX versions 10.97.3 and prior

AnalytiX versions 10.97.3 and prior

GENESIS versions 11.02 and prior

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/vu/JVNVU90646130/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...
government-resource

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.