Remote Command Execution Vulnerability in Mitsubishi Electric SmartRTU
CVE-2025-3128

9.3CRITICAL

Key Information:

Vendor: Mitsubishi Electric Europe
Status: Smartrtu
Vendor: CVE Published:; 21 August 2025

🔔 Create Mitsubishi Electric Europe Vulnerability Alert

What is CVE-2025-3128?

A security vulnerability has been identified in Mitsubishi Electric's smartRTU that allows unauthenticated attackers to bypass authentication mechanisms. This can potentially enable the execution of arbitrary operating system commands, leading to unauthorized access and disclosure of sensitive information, manipulation of critical data, destruction of files, or even the potential to create a denial-of-service condition. Organizations using affected versions should take immediate action to mitigate these risks to safeguard their operational systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

smartRTU 0 <= 3.37

References

https://emea.mitsubishielectric.com/fa/products/quality/q...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Aug 21, 2025
Vulnerability Reserved
Apr 2, 2025

Credit

Noam Moshe of Claroty Team82 reported this vulnerability to CISA.

JSON

Mitsubishi Electric Europe

What is CVE-2025-3128?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.