CVE-2025-3232

Summary

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric EuropesmartRTU0 <= 3.37affected

Weaknesses

  • CWE-306: CWE-306

Workarounds

Mitsubishi Electric Europe B.V. recommends that users take note of the following mitigation measures to minimize the risk of exploiting this vulnerability:

  • Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.

  • Use within a LAN and block access from untrusted networks and hosts through firewalls.

  • Use web application firewall (WAF) to prevent to filter, monitor and block any malicious HTTP/HTTPS traffic.

  • Allow web client access from trusted networks only.

For more information, please see Mitsubishi Electric Europe MEU_PSIRT_2025-3128 https://emea.mitsubishielectric.com/fa/products/quality/quality-news-information  under the "Vulnerability Information" section.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References