PatchSiren cyber security CVE debrief
CVE-2025-2399 Mitsubishi Electric Corporation CVE debrief
CVE-2025-2399 affects multiple Mitsubishi Electric CNC Series products and can let a remote attacker send specially crafted packets to TCP port 683 to trigger an out-of-bounds read and deny service. The public advisory maps the issue to CWE-1285 and recommends fixed firmware for some models plus network-hardening mitigations for systems that cannot be updated immediately.
- Vendor: Mitsubishi Electric Corporation
- Product: Mitsubishi Electric
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-19
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-19
Who should care
OT and industrial control system owners, CNC machine operators, plant engineers, and security teams responsible for Mitsubishi Electric CNC deployments—especially environments where TCP port 683 is reachable from untrusted networks.
Technical summary
The advisory describes an input-validation flaw (CWE-1285) in affected Mitsubishi Electric CNC products. A remote attacker who can reach TCP port 683 may send specially crafted packets that cause an out-of-bounds read, resulting in a denial-of-service condition. The issue is published with CVSS v3.1 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) and SSVC guidance indicating exploitation is not currently known in the supplied corpus.
Defensive priority
High for any exposed CNC or OT deployment where TCP/683 is reachable; medium overall based on the published CVSS severity and availability impact.
Recommended defensive actions
- Apply Mitsubishi Electric's fixed version: BC or later for M800VW (BND-2051W000), M800VS (BND-2052W000), M80V (BND-2053W000), and M80VW (BND-2054W000).
- Apply Mitsubishi Electric's fixed version: FN or later for M800W (BND-2005W000), M800S (BND-2006W000), M80 (BND-2007W000), M80W (BND-2008W000), and E80 (BND-2009W000).
- If you cannot immediately update, restrict access with a firewall or VPN and place the product within a LAN; block access from untrusted networks and hosts.
- Where supported, use the product's IP filter function to limit access to trusted addresses.
- Restrict physical access to the affected product and connected computers/network devices.
- Install anti-virus software on PCs that can access the affected product.
- Verify whether TCP port 683 is exposed in your environment and remove unnecessary reachability.
- Consult Mitsubishi Electric representative guidance for product-specific update instructions and compatibility questions.
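The mitigations above all reduce to one check the defender can actually verify: which sources are able to reach TCP/683 on the CNC controllers. The following script is an added example, not code from Mitsubishi Electric, CISA or this debrief. It assumes a netfilter-style firewall log and a constructed allowlist of trusted source networks (the CNC cell LAN and an engineering VPN pool); the addresses, hostnames and log lines are invented for illustration. It reports every TCP connection to port 683 whose source lies outside the allowlist, which is exactly the traffic the firewall, VPN and IP-filter recommendations are meant to eliminate.

```python
"""Audit firewall logs for TCP/683 reachability to CNC controllers.

Added example for the CVE-2025-2399 debrief; not vendor or CISA code.
The log format follows the Linux netfilter LOG target, but every value
(addresses, interfaces, timestamps) is constructed for illustration.
"""
import ipaddress
import re
from collections import Counter

CNC_PORT = 683  # TCP port named in the advisory

# Constructed allowlist: networks that legitimately talk to the CNCs.
# Replace with the networks permitted by your own firewall/IP-filter policy.
TRUSTED_SOURCES = [
    ipaddress.ip_network("10.20.30.0/24"),  # CNC cell LAN (constructed)
    ipaddress.ip_network("10.99.0.0/24"),   # engineering VPN pool (constructed)
]

# Constructed netfilter-style log lines. 10.20.30.200-202 stand in for CNC
# controllers; 192.0.2.x, 198.51.100.x and 203.0.113.x are documentation
# ranges used here as "untrusted" sources.
SAMPLE_LOG = """\
Mar 20 08:01:12 fw kernel: FW-OT IN=eth1 OUT=eth2 SRC=10.20.30.15 DST=10.20.30.200 PROTO=TCP SPT=51000 DPT=683 SYN
Mar 20 08:01:15 fw kernel: FW-OT IN=eth0 OUT=eth2 SRC=192.0.2.77 DST=10.20.30.200 PROTO=TCP SPT=40022 DPT=683 SYN
Mar 20 08:01:16 fw kernel: FW-OT IN=eth0 OUT=eth2 SRC=192.0.2.77 DST=10.20.30.201 PROTO=TCP SPT=40023 DPT=683 SYN
Mar 20 08:02:00 fw kernel: FW-OT IN=eth0 OUT=eth2 SRC=198.51.100.9 DST=10.20.30.200 PROTO=TCP SPT=33333 DPT=22 SYN
Mar 20 08:02:30 fw kernel: FW-OT IN=eth1 OUT=eth2 SRC=10.99.0.5 DST=10.20.30.200 PROTO=UDP SPT=5000 DPT=683
Mar 20 08:03:00 fw kernel: FW-OT IN=eth0 OUT=eth2 SRC=203.0.113.4 DST=10.20.30.202 PROTO=TCP SPT=55555 DPT=683 SYN
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")
REQUIRED_FIELDS = {"SRC", "DST", "PROTO", "DPT"}


def parse_netfilter_line(line):
    """Extract SRC/DST/PROTO/DPT from one log line; None if any is missing or malformed."""
    fields = dict(FIELD_RE.findall(line))
    if not REQUIRED_FIELDS.issubset(fields):
        return None
    try:
        return {
            "src": ipaddress.ip_address(fields["SRC"]),
            "dst": ipaddress.ip_address(fields["DST"]),
            "proto": fields["PROTO"].upper(),
            "dport": int(fields["DPT"]),
        }
    except ValueError:
        return None


def is_trusted(addr, trusted=TRUSTED_SOURCES):
    """True if the address falls inside any allowlisted network."""
    return any(addr in net for net in trusted)


def find_untrusted_cnc_access(log_text, trusted=TRUSTED_SOURCES, port=CNC_PORT):
    """Return (src, dst) pairs for TCP connections to `port` from non-allowlisted sources.

    UDP and other destination ports are ignored on purpose: the advisory's
    attack surface is TCP/683, so that is the reachability being audited.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_netfilter_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["dport"] != port:
            continue
        if not is_trusted(rec["src"], trusted):
            hits.append((str(rec["src"]), str(rec["dst"])))
    return hits


def summarize_by_source(hits):
    """Count untrusted attempts per source address for triage."""
    return Counter(src for src, _ in hits)


if __name__ == "__main__":
    found = find_untrusted_cnc_access(SAMPLE_LOG)
    for src, count in summarize_by_source(found).most_common():
        print(f"untrusted source {src} reached TCP/{CNC_PORT} on CNC hosts {count} time(s)")
```

On the constructed sample the script flags the two connections from 192.0.2.77 and the one from 203.0.113.4, while the trusted cell-LAN connection, the SSH attempt and the UDP packet are left alone. Run against a real firewall or flow export, an empty result is the evidence that the "restrict to a LAN, block untrusted networks" recommendation is actually in effect; any non-empty result points at a rule or IP-filter entry that still needs tightening.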
Evidence notes
Primary evidence comes from the CISA CSAF advisory (ICSA-26-078-05) and the linked Mitsubishi Electric advisory 2025-022. Those sources identify the affected CNC series, the CWE-1285 classification, the TCP/683 attack surface, the denial-of-service impact, the fixed-version thresholds (BC/FN), and the recommended mitigations. The CVE is publicly dated 2026-03-10 and republished by CISA on 2026-03-19.
Official resources
- CVE-2025-2399 CVE record (CVE.org)
- CVE-2025-2399 NVD detail (NVD)
- Source item URL (cisa_csaf)
Public advisory published 2026-03-10 and republished 2026-03-19; no exploitation-in-the-wild evidence is provided in the supplied corpus.