CVE-2025-5514

{"id": "CVE-2025-5514", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-08-25T06:15:27.933", "references": [{"url": "https://jvn.jp/vu/JVNVU90316328/", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-233-01", "source": "[email protected]"}, {"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-010_en.pdf", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-130"}]}], "descriptions": [{"lang": "en", "value": "Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from utilizing the web server function, by sending a specially crafted HTTP request."}, {"lang": "es", "value": "La vulnerabilidad de manejo inadecuado de inconsistencia del par\u00e1metro de longitud en la funci\u00f3n del servidor web en el m\u00f3dulo de CPU MELSEC iQ-F Series de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado retrase el procesamiento de la funci\u00f3n del servidor web y evite que usuarios leg\u00edtimos utilicen la funci\u00f3n del servidor web, enviando una solicitud HTTP especialmente manipulada."}], "lastModified": "2025-08-25T20:24:45.327", "sourceIdentifier": "[email protected]"}