Windows Shortcut Vulnerability in Mitsubishi Electric Iconics Digital Solutions Products
CVE-2025-7376

5.9MEDIUM

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Genesis64
Mc Works64
Genesis
Vendor
CVE Published:
6 August 2025

What is CVE-2025-7376?

A vulnerability exists in Mitsubishi Electric Iconics Digital Solutions GENESIS64 and related products that allows local authenticated attackers to manipulate file write operations. By leveraging a specially crafted symbolic link, attackers can redirect writes to unauthorized locations on the system. This could lead to the destruction of critical files, potentially causing a denial-of-service (DoS) condition on the affected PC, as vital operations may depend on these files.

Affected Version(s)

GENESIS version 11.00

GENESIS version 11.00

GENESIS64 all versions

References

https://jvn.jp/vu/JVNVU96364629
government-resource
https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...
government-resource

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.