CVE-2025-15080

216.73.217.22

· Published 05/02/2026 06:15 · Modified 06/02/2026 07:16

Labels: CVE-2025-15080 2026-02-05 CVE-2025-15080 CWE-1284 [email protected]

Essential information

Published: 05/02/2026 06:15
Modified: 06/02/2026 07:16
Author: —
Creator: —
CVSS: 8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial of service (DoS) condition on the affected product by sending a specially crafted packet containing a specific command to the affected product.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
mitsubishi / melsec iq-r series	`cpe:2.3:a:mitsubishi:melsec_iq-r_series:r08pcpu:::::::*`
mitsubishi / melsec iq-r series	`cpe:2.3:a:mitsubishi:melsec_iq-r_series:r16pcpu:::::::*`
mitsubishi / melsec iq-r series	`cpe:2.3:a:mitsubishi:melsec_iq-r_series:r32pcpu:::::::*`
mitsubishi / melsec iq-r series	`cpe:2.3:a:mitsubishi:melsec_iq-r_series:r120pcpu:::::::*`