Remote Command Execution Vulnerability in Mitsubishi Electric SmartRTU
CVE-2025-3128
9.3 CRITICAL
What is CVE-2025-3128?
A security vulnerability has been identified in Mitsubishi Electric's smartRTU that allows unauthenticated attackers to bypass authentication mechanisms. This can potentially enable the execution of arbitrary operating system commands, leading to unauthorized access and disclosure of sensitive information, manipulation of critical data, destruction of files, or a denial-of-service condition. Organizations using affected versions should take immediate action to mitigate these risks and safeguard their operational systems.
Affected Version(s)
smartRTU 0 <= 3.37
References
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Noam Moshe of Claroty Team82 reported this vulnerability to CISA.
