CVE-2025-2399— Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-2399
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1285
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mitsubishi Electric多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mitsubishi Electric CNC Series是日本三菱电机(Mitsubishi Electric)公司的一系列数控控制系统。 Mitsubishi Electric多款产品存在安全漏洞,该漏洞源于对输入中的指定索引、位置或偏移验证不当,可能导致远程攻击者通过发送特制数据包造成越界读取,引发拒绝服务。以下产品受到影响:Mitsubishi Electric CNC M800V Series M800VW和M800VS、M80V Series M80V和M80VW、M800 Series M
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-2399
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-2399
请登录查看更多情报信息。
- Mitsubishi Electric CNC Series | CISAgovernment-resource
- JVNVU#95523788: 三菱電機数値制御装置におけるサービス運用妨害(DoS)の脆弱性government-resource
- https://nvd.nist.gov/vuln/detail/CVE-2025-2399
IV. Related Vulnerabilities
Same vendor: Mitsubishi Electric Corporation
- CVE-2025-14816
Information Disclosure, Tampering, and Denial-of-Service Vul - CVE-2025-14815
Information Disclosure, Tampering, and Denial-of-Service Vul - CVE-2026-1876
Denial-of-Service (DoS) vulnerability in Ethernet function o - CVE-2026-1875
Denial-of-Service (DoS) vulnerability in Ethernet function o - CVE-2026-1874
Denial-of-Service (DoS) vulnerability in Ethernet function o
Same weakness: CWE-1285
- CVE-2026-33557
Apache Kafka: Missing JWT token validation in OAUTHBEARER au - CVE-2018-25232
Softros LAN Messenger 9.2 Denial of Service via Log Files Lo - CVE-2019-25625
Blob Studio 2.17 Denial of Service via Malformed Input - CVE-2019-25622
Paint Studio 2.17 Denial of Service via Malformed Input - CVE-2019-25593
jetCast Server 2.0 Denial of Service via Log Directory
V. Comments for CVE-2025-2399
No comments yet