CVE-2025-3784

Information Disclosure Vulnerability in GX Works2

CVSS 5.5 MEDIUMEPSS 0.1%CWE-312

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

27 nov 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Mitsubishi Electric Corporation · GX Works2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jvn.jp/vu/JVNVU95288056/https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-01 https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-016_en.pdf