CVE-2025-7731 - Vulnerability Details

Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0002.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Mitsubishi Electric	Melsec Iq-f Series

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Mitsubishi Electric	Melsec Iq-f Series

References

Link	Providers
https://jvn.jp/vu/JVNVU90041458/
https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-02
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-012_en.pdf

History

Tue, 02 Sep 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 01 Sep 2025 09:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mitsubishi Electric Mitsubishi Electric melsec Iq-f Series
Vendors & Products		Mitsubishi Electric Mitsubishi Electric melsec Iq-f Series

Mon, 01 Sep 2025 04:15:00 +0000

Type	Values Removed	Values Added
Description		Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information.
Title		Information Disclosure Vulnerability in MELSEC iQ-F Series CPU module
Weaknesses		CWE-319
References		https://jvn.jp/vu/JVNVU90041458/ https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-02 https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-012_en.pdf
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2025-09-01T03:57:49.657Z

Updated: 2025-09-02T19:28:39.347Z

Reserved: 2025-07-16T22:31:25.034Z

Link: CVE-2025-7731

Vulnrichment

Updated: 2025-09-02T19:28:34.649Z

NVD

Status : Awaiting Analysis

Published: 2025-09-01T04:15:51.357

Modified: 2025-09-02T15:55:25.420

Link: CVE-2025-7731

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-09-01T09:24:46Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object