CVE-2025-5514

Medium CVSS: 5.3

Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from utilizing the web server function, by sending a specially crafted HTTP request.

Vendor

Product

CWE

CWE-130

Yayın Tarihi

2025-08-25 06:15:27

Güncelleme

2025-08-25 20:24:45

Source Identifier

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

KEV Date Added

Kategoriler

CWE-130 MEDIUM 2025

Referanslar

https://jvn.jp/vu/JVNVU90316328/ https://www.cisa.gov/news-events/ics-advisories/icsa-25-233-01 https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-010_en.pdf