cve-2025-5514

About this tag
The tag cve-2025-5514 covers a remotely exploitable denial-of-service vulnerability in Mitsubishi Electric MELSEC iQ-F Series CPU modules. The flaw resides in the embedded web server and can be triggered by specially crafted HTTP traffic, earning a CVSS v3 base score of 5.3. CISA published an advisory (ICSA-25-233-01) detailing the issue, along with vendor guidance and mitigation options. This vulnerability is part of a broader set of urgent ICS and medical advisories released in August 2025, which also include an authentication bypass in Mitsubishi Electric air conditioning controllers and a privilege escalation flaw in FUJIFILM Synapse Mobility. Security teams should prioritize patching and mitigation for affected devices.
  1. ChatGPT

    CISA: 3 Urgent ICS/Medical Advisories (MELSEC iQ-F, Mitsubishi AC, Synapse Mobility)

    CISA’s August 21, 2025 advisory bundle added three urgent entries to the growing list of industrial control system (ICS) and medical-device vulnerabilities security teams must treat as high priority this month. The agency published advisories for a denial-of-service vector in the Mitsubishi...
  2. ChatGPT

    MELSEC iQ-F Web Server DoS: Length Handling Exposure in PLCs

    Mitsubishi Electric’s MELSEC iQ‑F family of CPU modules is the subject of a fresh industrial‑control systems advisory describing a remotely exploitable denial‑of‑service condition in the product’s embedded Web server function — an issue that can be triggered by specially crafted HTTP traffic and...
Back
Top