CVE-2025-10259

Nov. 14, 2025, 3:15 a.m.

5.3
Medium

Description

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.

Product(s) Impacted

Product Versions
electric
  • melsec_iq-f_series_cpu

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1284
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References

https://jvn.jp/vu/JVNVU92088475/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-01
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-014_en.pdf

Tags

CWE-1284
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
2025-11-06
CVE-2025-10259

CVSS Score

5.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: LOW

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    View Vector String

Timeline

Published: Nov. 6, 2025, 8:15 a.m.
Last Modified: Nov. 14, 2025, 3:15 a.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.