PT-2025-38522 · Mitsubishi · Melsec-Q Series Q13Udpvcpu +9

Published: 2025-09-19 · Updated: 2025-09-24 · CVE-2025-8531

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with serial numbers starting with "24082" through "27081"

Description

Improper handling of a length parameter inconsistency can lead to an integer underflow. This allows a remote attacker to disrupt Ethernet communication and halt the execution of control programs on the product when the user authentication function is enabled. The user authentication function is enabled by default only when configured through GX Works2, complying with the Cybersecurity Law of the People’s Republic of China, and is typically disabled.

Recommendations

For Mitsubishi Electric Corporation MELSEC-Q Series Q03UDVCPU, Q04UDVCPU, Q06UDVCPU, Q13UDVCPU, Q26UDVCPU, Q04UDPVCPU, Q06UDPVCPU, Q13UDPVCPU, and Q26UDPVCPU with serial numbers starting with "24082" through "27081", ensure the user authentication function remains disabled unless specifically required and configured through GX Works2.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-8531

Affected Products

Gx Works2
Melsec Q Series Q03Udecpu
Melsec-Q Series Q04Udpvcpu
Melsec-Q Series Q04Udvcpu
Melsec-Q Series Q06Udpvcpu
Melsec-Q Series Q06Udvcpu
Melsec-Q Series Q13Udpvcpu
Melsec-Q Series Q13Udvcpu
Melsec-Q Series Q26Udpvcpu
Melsec-Q Series Q26Udvcpu