Input Validation Flaw in Mitsubishi Electric MELSEC iQ-R Series
CVE-2025-15080

8.8HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-r Series R08pcpu
Melsec Iq-r Series R16pcpu
Melsec Iq-r Series R32pcpu
Melsec Iq-r Series R120pcpu
Vendor
CVE Published:
5 February 2026

What is CVE-2025-15080?

An input validation vulnerability in the Mitsubishi Electric MELSEC iQ-R Series (models R08PCPU, R16PCPU, R32PCPU, and R120PCPU) permits unauthorized entities to exploit the system. Attackers may read sensitive device data or segments of control programs, alter device data, and create a denial of service (DoS) condition by dispatching specially crafted packets with precise commands. This flaw underscores the importance of robust validation mechanisms to safeguard against unauthorized data access and operational disruption.

Affected Version(s)

MELSEC iQ-R Series R08PCPU Firmware versions "48" and prior

MELSEC iQ-R Series R120PCPU Firmware versions "48" and prior

MELSEC iQ-R Series R16PCPU Firmware versions "48" and prior

References

https://jvn.jp/vu/JVNVU95093080/
government-resource
https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-0...
government-resource

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.