← voltar
CVE-2025-3784

Information Disclosure Vulnerability in GX Works2

CVSS 5.5 MEDIUMEPSS 0.1%CWE-312
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.5EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
27 nov 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
Mitsubishi Electric Corporation · GX Works2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://jvn.jp/vu/JVNVU95288056/https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-01https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-016_en.pdf