Remote Command Execution Vulnerability in Mitsubishi Electric Products
CVE-2025-3232
8.7 HIGH
What is CVE-2025-3232?
A vulnerability in Mitsubishi Electric products allows remote unauthenticated attackers to bypass authentication mechanisms. By exploiting a specific API route, these attackers may gain the ability to execute arbitrary operating system commands, potentially compromising the affected systems and data integrity. This security issue highlights the importance of securing API endpoints and implementing robust authentication protocols.
Affected Version(s)
smartRTU 0 <= 3.37
CVSS V4
Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Noam Moshe of Claroty Team82 reported this vulnerability to CISA.
