Improper Handling of Length Parameter in Mitsubishi Electric MELSEC iQ-F Series CPU Module
CVE-2025-5514

5.3MEDIUM

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Melsec Iq-f Series Fx5u-32mt/es
Melsec Iq-f Series Fx5u-32mt/ds
Melsec Iq-f Series Fx5u-32mt/ess
Melsec Iq-f Series Fx5u-32mt/dss
Vendor
CVE Published:
25 August 2025

What is CVE-2025-5514?

A vulnerability has been identified in the Mitsubishi Electric MELSEC iQ-F Series CPU module that arises from improper handling of length parameter inconsistencies in its web server function. This flaw enables a remote unauthenticated attacker to issue specially crafted HTTP requests, which can delay the processing of web server functions. Consequently, legitimate users may be unable to access and utilize these functionalities, leading to potential disruptions in operations.

Affected Version(s)

MELSEC iQ-F Series FX5S-30MR/DS All versions

MELSEC iQ-F Series FX5S-30MR/ES All versions

MELSEC iQ-F Series FX5S-30MT/DS All versions

References

https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://jvn.jp/vu/JVNVU90316328/
government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...
government-resource

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.