How severe is CVE-2025-5241?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Mitsubishi Electric Corporation Melsec Iq-f Series Fx5-cclgn-ms

CVE-2025-5241

Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly attempting to login wi…

EPSS: 0.005 (65.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Mitsubishi Electric Corporation Melsec Iq-f Series Fx5-cclgn-ms — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-30mr/ds — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-30mr/es — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-30mt/ds — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-30mt/dss — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-30mt/es — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-30mt/ess — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-40mr/ds — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-40mr/es — versions All versions
Mitsubishi Electric Corporation Melsec Iq-f Series Fx5s-40mt/ds — versions All versions

Weakness classification (CWE)

CWE-645

References

www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-005_en.pdf (vendor-advisory)
www.cisa.gov/news-events/ics-advisories/icsa-25-184-04 (government-resource)

Frequently asked questions

What is CVE-2025-5241?: CVE-2025-5241 is a medium-severity vulnerability in Mitsubishi Electric Corporation Melsec Iq-f Series Fx5-cclgn-ms, classified under CWE-645. CVSS score: 5.3/10. Published 2025-07-11.
How severe is CVE-2025-5241?: Medium severity. CVSS v3 base score is 5.3 out of 10.