What is CVE-2025-2399?

CVE-2025-2399 is a medium-severity vulnerability in Mitsubishi Electric Corporation Cnc C80 Series, classified under CWE-1285. CVSS score: 5.9/10. Published 2026-03-10.

How severe is CVE-2025-2399?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Mitsubishi Electric Corporation Cnc C80 Series

CVE-2025-2399

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80…

EPSS: 0.000 (7.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Mitsubishi Electric Corporation Cnc C80 Series — versions System Number BND-2036W000 all versions
Mitsubishi Electric Corporation Cnc E70 Series — versions System Number BND-1022W000 all versions
Mitsubishi Electric Corporation Cnc E80 Series — versions System Number BND-2009W000 versions FM and prior
Mitsubishi Electric Corporation Cnc M700v Series M720vs — versions System Number BND-1012W000 all versions
Mitsubishi Electric Corporation Cnc M700v Series M720vw — versions System Number BND-1015W000 all versions
Mitsubishi Electric Corporation Cnc M700v Series M730vs — versions System Number BND-1012W000 all versions
Mitsubishi Electric Corporation Cnc M700v Series M730vw — versions System Number BND-1015W000 all versions
Mitsubishi Electric Corporation Cnc M700v Series M750vs — versions System Number BND-1012W002 all versions
Mitsubishi Electric Corporation Cnc M700v Series M750vw — versions System Number BND-1015W002 all versions
Mitsubishi Electric Corporation Cnc M70v Series — versions System Number BND-1018W000 all versions

Weakness classification (CWE)

CWE-1285

References

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2025-022_en.pdf (vendor-advisory)
jvn.jp/vu/JVNVU95523788/ (government-resource)
www.cisa.gov/news-events/ics-advisories/icsa-26-078-05 (government-resource)

Frequently asked questions

What is CVE-2025-2399?: CVE-2025-2399 is a medium-severity vulnerability in Mitsubishi Electric Corporation Cnc C80 Series, classified under CWE-1285. CVSS score: 5.9/10. Published 2026-03-10.
How severe is CVE-2025-2399?: Medium severity. CVSS v3 base score is 5.9 out of 10.