Critical severity9.1NVD Advisory· Published May 29, 2025· Updated Apr 15, 2026

CVE-2025-3755

Description

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/vu/JVNVU94070048/nvd
www.cisa.gov/news-events/ics-advisories/icsa-25-153-03nvd
www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-003_en.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000