gx works2

GX Works2, the engineering software from Mitsubishi Electric for programming MELSEC programmable logic controllers, has a disclosed vulnerability tracked as CVE-2025-3784. This flaw leaves project-level credentials stored in plaintext inside project files, allowing anyone with file access to extract authentication data, open protected projects, and read or alter control logic. Mitsubishi's advisory confirms all versions are affected, with a CVSS v3.1 base score of 5.5. Discussions on WindowsForum cover the technical details, impact on industrial control systems, and mitigation steps for users of GX Works2.