cve 2025 15080

CVE-2025-15080 is a high-severity vulnerability affecting Mitsubishi Electric's MELSEC iQ-R family of programmable logic controllers (PLCs). The flaw allows an unauthenticated remote attacker to read or write device data, access portions of control programs, or cause a denial-of-service (DoS) condition by sending a specially crafted network packet to affected Process CPU modules. This vulnerability is particularly relevant for OT teams and Windows-based engineering hosts that manage these PLCs. Mitsubishi Electric has released a firmware update (version 49 or later) to address the issue. Immediate patching is recommended to secure industrial control environments.