CVE-2025-15080 is a critical, network-reachable vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08/16/32/120PCPU firmware affecting proprietary protocol and SLMP communications. According to the CISA advisory republishing Mitsubishi Electric’s 2025-020 notice, a specially crafted packet with a specific command may let an attacker read device data or part of a control program, write device data, o [truncated]
CVE-2025-10314 is a high-severity local code execution issue in Mitsubishi Electric FREQSHIP-mini for Windows. CISA’s advisory says incorrect default permissions can let a local attacker replace the service executable or DLL files in the installation directory with crafted files, leading to arbitrary code execution with system privileges. Mitsubishi Electric says the issue is addressed in version 8.1.0 or later.
