CVE-2025-7376
Aug. 6, 2025, 8:23 p.m.
5.9
Medium
Description
Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric MC Works64 all versions, and Mitsubishi Electric GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishi Electric |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-64
Windows Shortcut Following (.LNK)
The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | mitsubishi_electric | iconics_digital_solutions_genesis64 | / | / | / | / | / | / | / | / |
| a | mitsubishi_electric | genesis | 11.00 | / | / | / | / | / | / | / |
| a | mitsubishi_electric | genesis64 | / | / | / | / | / | / | / | / |
| a | mitsubishi_electric | mc_works64 | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: LOW
- Scope: CHANGED
- Confidentiality Impact: NONE
- Integrity Impact: HIGH
- Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Timeline
Published: Aug. 6, 2025, 7:15 a.m.
Last Modified: Aug. 6, 2025, 8:23 p.m.
Last Modified: Aug. 6, 2025, 8:23 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.