CVE-2025-7405 | Mitsubishi Electric MELSEC iQ-F FX5U-32MT-ES Modbus TCP missing authentication (icsa-25-240-01)

A vulnerability, which was classified as critical, has been found in Mitsubishi Electric MELSEC iQ-F FX5U-32MT-ES, MELSEC iQ-F FX5U-32MT-DS, MELSEC iQ-F FX5U-32MT-ESS, MELSEC iQ-F FX5U-32MT-DSS, MELSEC iQ-F FX5U-64MT-ES, MELSEC iQ-F FX5U-64MT-DS, MELSEC iQ-F FX5U-64MT-ESS, MELSEC iQ-F FX5U-64MT-DSS, MELSEC iQ-F FX5U-80MT-ES, MELSEC iQ-F FX5U-80MT-DS, MELSEC iQ-F FX5U-80MT-ESS, MELSEC iQ-F FX5U-80MT-DSS, MELSEC iQ-F FX5U-32MR-ES, MELSEC iQ-F FX5U-32MR-DS, MELSEC iQ-F FX5U-64MR-ES, MELSEC iQ-F FX5U-64MR-DS, MELSEC iQ-F FX5U-80MR-ES, MELSEC iQ-F FX5U-80MR-DS, MELSEC iQ-F FX5UC-32MT-D, MELSEC iQ-F FX5UC-32MT-DSS, MELSEC iQ-F FX5UC-64MT-D, MELSEC iQ-F FX5UC-64MT-DSS, MELSEC iQ-F FX5UC-96MT-D, MELSEC iQ-F FX5UC-96MT-DSS, MELSEC iQ-F FX5UC-32MT-DS-TS, MELSEC iQ-F FX5UC-32MT-DSS-TS, MELSEC iQ-F FX5UC-32MR-DS-TS, MELSEC iQ-F FX5UJ-24MT-ES, MELSEC iQ-F FX5UJ-24MT-DS, MELSEC iQ-F FX5UJ-24MT-ESS, MELSEC iQ-F FX5UJ-24MT-DSS, MELSEC iQ-F FX5UJ-40MT-ES, MELSEC iQ-F FX5UJ-40MT-DS, MELSEC iQ-F FX5UJ-40MT-ESS, MELSEC iQ-F FX5UJ-40MT-DSS, MELSEC iQ-F FX5UJ-60MT-ES, MELSEC iQ-F FX5UJ-60MT-DS, MELSEC iQ-F FX5UJ-60MT-ESS, MELSEC iQ-F FX5UJ-60MT-DSS, MELSEC iQ-F FX5UJ-24MR-ES, MELSEC iQ-F FX5UJ-24MR-DS, MELSEC iQ-F FX5UJ-40MR-ES, MELSEC iQ-F ‘FX5UJ-40MR-DS, MELSEC iQ-F FX5UJ-60MR-ES, MELSEC iQ-F FX5UJ-60MR-DS, MELSEC iQ-F FX5UJ-24MT-ES-A, MELSEC iQ-F FX5UJ-24MR-ES-A, MELSEC iQ-F FX5UJ-40MT-ES-A, MELSEC iQ-F FX5UJ-40MR-ES-A, MELSEC iQ-F FX5UJ-60MT-ES-A, MELSEC iQ-F FX5UJ-60MR-ES-A, MELSEC iQ-F FX5S-30MT-ES, MELSEC iQ-F FX5S-30MT-DS, MELSEC iQ-F FX5S-30MT-ESS, MELSEC iQ-F FX5S-30MT-DSS, MELSEC iQ-F FX5S-40MT-ES, MELSEC iQ-F FX5S-40MT-DS, MELSEC iQ-F FX5S-40MT-ESS, MELSEC iQ-F FX5S-40MT-DSS, MELSEC iQ-F FX5S-60MT-ES, MELSEC iQ-F FX5S-60MT-DS, MELSEC iQ-F FX5S-60MT-ESS, MELSEC iQ-F FX5S-60MT-DSS, MELSEC iQ-F FX5S-80MT-ES, MELSEC iQ-F FX5S-80MT-DS, MELSEC iQ-F FX5S-80MT-ESS, MELSEC iQ-F FX5S-80MT-DSS, MELSEC iQ-F FX5S-30MR-ES, MELSEC iQ-F FX5S-30MR-DS, MELSEC iQ-F FX5S-40MR-ES, MELSEC iQ-F FX5S-40MR-DS, MELSEC iQ-F FX5S-60MR-ES, MELSEC iQ-F FX5S-60MR-DS, MELSEC iQ-F FX5S-80MR-ES and MELSEC iQ-F FX5S-80MR-DS. This impacts an unknown function of the component Modbus TCP. This manipulation causes missing authentication.

This vulnerability is tracked as CVE-2025-7405. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to implement restrictive firewalling.

CVE-2025-7405 | Mitsubishi Electric MELSEC iQ-F FX5U-32MT-ES Modbus TCP missing authentication (icsa-25-240-01)

Post correlati

CVE-2024-22368 | Spreadsheet::ParseXLSX prior 0.28 on Perl XLSX Document resource consumption

CVE-2024-47226 | NetBox 4.0.x Configuration History /core/config-revisions/ Add Action Top banner cross site scripting

CVE-2025-51482 | letta 0.7.12 /v1/tools/run access control

CVE-2025-4595 | FastSpring Plugin up to 3.0.1 on WordPress cross site scripting