CVE-2025-10259

MEDIUM5.3

Denial-of-Service(DoS) Vulnerability in TCP Communication Function on MELSEC iQ-F Series CPU module

Published Nov 6, 2025

Modified 2 months ago

No fix available

Details

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.

References

WEBhttps://jvn.jp/vu/JVNVU92088475/WEBhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-317-01 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-10259 ADVISORYhttps://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-014_en.pdf

CVSS Analysis

CVSS v3.1

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

LowA:L

5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weakness Type (CWE)

Other

CWE-1284

Ecosystems

Timeline

PublishedNov 6, 2025

ModifiedNov 14, 2025