Windows Shortcut Vulnerability in Mitsubishi Electric Iconics Digital Solutions Products
CVE-2025-7376

5.9MEDIUM

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Genesis64
Iconics Suite
Mobilehmi
Hyper Historian
Vendor
CVE Published:
6 August 2025

What is CVE-2025-7376?

A vulnerability exists in Mitsubishi Electric Iconics Digital Solutions GENESIS64 and related products that allows local authenticated attackers to manipulate file write operations. By leveraging a specially crafted symbolic link, attackers can redirect writes to unauthorized locations on the system. This could lead to the destruction of critical files, potentially causing a denial-of-service (DoS) condition on the affected PC, as vital operations may depend on these files.

Affected Version(s)

AnalytiX versions 10.97.3 and prior

AnalytiX versions 10.97.3 and prior

GENESIS version 11.00

References

https://jvn.jp/vu/JVNVU96364629
government-resource
https://www.mitsubishielectric.com/psirt/vulnerability/pd...
vendor-advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...
government-resource

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.