Mitsubishi GX Works2 Information Disclosure via Plaintext Credential Storage (CVE-2025-3784)

Key Information Title: Information Disclosure Vulnerability in GX Works2 Release Date: November 27, 2025 Vulnerability ID: CVE-2025-3784 Overview GX Works2 contains an information disclosure vulnerability that stores credential information in plaintext, allowing attackers to leak these plaintext credentials from project files. This could enable attackers to bypass user authentication, open protected project files, and access or modify project information. CVSS CVE-2025-3784 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 5.5 Affected Products All versions of GX Works2 are affected. Description GX Works2 contains an information disclosure vulnerability (CWE-312) due to the plaintext storage of sensitive information. Impact Attackers can leak credential information stored in plaintext within project files, potentially enabling them to bypass user authentication, open protected project files, and access or modify project information. Customer Countermeasures A fix for this vulnerability is currently under development. Until the fixed version is released, please implement the following mitigations. Mitigations / Workarounds Mitsubishi Electric recommends customers implement the following mitigations to reduce the risk of exploitation: - Use PCs with the affected product installed, and block remote logins from untrusted networks, hosts, or users within the local area network. - Use firewalls or virtual private networks (VPNs) to prevent unauthorized access, and allow remote logins only for trusted users when connecting to the internet. - Restrict physical access to PCs running the affected product, as well as to PCs and network devices that can communicate with them. - Install antivirus software on PCs running the affected product. - Encrypt project files when sending or receiving them over the internet. Acknowledgments Mitsubishi Electric thanks Jiho Shin, a Master’s graduate from Sungkyunkwan University, for reporting this vulnerability. Contact Information Please contact your local Mitsubishi Electric representative. https://www.mitsubishielectric.com/fa/support/index.html

Goal Reached Thanks to every supporter — we hit 100%!

Mitsubishi GX Works2 Information Disclosure via Plaintext Credential Storage (CVE-2025-3784)