CVE-2025-2399 - Vulnerability Details

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Mitsubishi Electric	Cnc C80 Series C80 Cnc E70 Series E70 Cnc E80 Series E80 Cnc M700v Series M720vs Cnc M700v Series M720vw Cnc M700v Series M730vs Cnc M700v Series M730vw Cnc M700v Series M750vs Cnc M700v Series M750vw Cnc M70v Series M70v Cnc M800 Series M800s Cnc M800 Series M800w Cnc M800v Series M800vs Cnc M800v Series M800vw Cnc M80 Series M80 Cnc M80 Series M80w Cnc M80v Series M80v Cnc M80v Series M80vw Cnc Software Tools Nc Trainer2 Cnc Software Tools Nc Trainer2 Plus

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU95523788/
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2025-022_en.pdf

History

Wed, 11 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mitsubishi Electric Mitsubishi Electric cnc C80 Series C80 Mitsubishi Electric cnc E70 Series E70 Mitsubishi Electric cnc E80 Series E80 Mitsubishi Electric cnc M700v Series M720vs Mitsubishi Electric cnc M700v Series M720vw Mitsubishi Electric cnc M700v Series M730vs Mitsubishi Electric cnc M700v Series M730vw Mitsubishi Electric cnc M700v Series M750vs Mitsubishi Electric cnc M700v Series M750vw Mitsubishi Electric cnc M70v Series M70v Mitsubishi Electric cnc M800 Series M800s Mitsubishi Electric cnc M800 Series M800w Mitsubishi Electric cnc M800v Series M800vs Mitsubishi Electric cnc M800v Series M800vw Mitsubishi Electric cnc M80 Series M80 Mitsubishi Electric cnc M80 Series M80w Mitsubishi Electric cnc M80v Series M80v Mitsubishi Electric cnc M80v Series M80vw Mitsubishi Electric cnc Software Tools Nc Trainer2 Mitsubishi Electric cnc Software Tools Nc Trainer2 Plus
Vendors & Products		Mitsubishi Electric Mitsubishi Electric cnc C80 Series C80 Mitsubishi Electric cnc E70 Series E70 Mitsubishi Electric cnc E80 Series E80 Mitsubishi Electric cnc M700v Series M720vs Mitsubishi Electric cnc M700v Series M720vw Mitsubishi Electric cnc M700v Series M730vs Mitsubishi Electric cnc M700v Series M730vw Mitsubishi Electric cnc M700v Series M750vs Mitsubishi Electric cnc M700v Series M750vw Mitsubishi Electric cnc M70v Series M70v Mitsubishi Electric cnc M800 Series M800s Mitsubishi Electric cnc M800 Series M800w Mitsubishi Electric cnc M800v Series M800vs Mitsubishi Electric cnc M800v Series M800vw Mitsubishi Electric cnc M80 Series M80 Mitsubishi Electric cnc M80 Series M80w Mitsubishi Electric cnc M80v Series M80v Mitsubishi Electric cnc M80v Series M80vw Mitsubishi Electric cnc Software Tools Nc Trainer2 Mitsubishi Electric cnc Software Tools Nc Trainer2 Plus

Tue, 10 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Mar 2026 05:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.
Title		Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series
Weaknesses		CWE-1285
References		https://jvn.jp/vu/JVNVU95523788/ https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2025-022_en.pdf
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2026-03-10T04:40:00.599Z

Updated: 2026-03-10T17:32:04.722Z

Reserved: 2025-03-17T08:30:11.608Z

Link: CVE-2025-2399

Vulnrichment

Updated: 2026-03-10T17:31:59.976Z

NVD

Status : Awaiting Analysis

Published: 2026-03-10T16:44:08.217

Modified: 2026-03-11T13:53:47.157

Link: CVE-2025-2399

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object