You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-5514
About this tag
The tag cve-2025-5514 covers a remotely exploitable denial-of-service vulnerability in Mitsubishi Electric MELSEC iQ-F Series CPU modules. The flaw resides in the embedded web server and can be triggered by specially crafted HTTP traffic, earning a CVSS v3 base score of 5.3. CISA published an advisory (ICSA-25-233-01) detailing the issue, along with vendor guidance and mitigation options. This vulnerability is part of a broader set of urgent ICS and medical advisories released in August 2025, which also include an authentication bypass in Mitsubishi Electric air conditioning controllers and a privilege escalation flaw in FUJIFILM Synapse Mobility. Security teams should prioritize patching and mitigation for affected devices.
CISA’s August 21, 2025 advisory bundle added three urgent entries to the growing list of industrial control system (ICS) and medical-device vulnerabilities security teams must treat as high priority this month. The agency published advisories for a denial-of-service vector in the Mitsubishi...
air conditioning controllers
cisa
cve-2025-3699
cve-2025-54551
cve-2025-5514
denial of service
fujifilm
ics
industrial control systems
ip filtering
medical devices
melsec iq-f
mitsubishi electric
network segmentation
patch management
security bypass
synapse
vulnerability
web interface
Mitsubishi Electric’s MELSEC iQ‑F family of CPU modules is the subject of a fresh industrial‑control systems advisory describing a remotely exploitable denial‑of‑service condition in the product’s embedded Web server function — an issue that can be triggered by specially crafted HTTP traffic and...
advisory
automation
cisa
cve-2025-5514
dos
firewall
ics
industrial control systems
ip filtering
iq-f
melsec
mitsubishi electric
network segmentation
ot security
patch management
psirt
remote diagnostics
vulnerability
web server
windows