CVE-2025-0921
📋 TL;DR
A local privilege escalation vulnerability in multiple Mitsubishi Electric industrial control software products allows authenticated attackers to create symbolic links that redirect file writes to arbitrary locations. This could enable destruction of critical system files, causing denial-of-service conditions. Affected systems include GENESIS64, ICONICS Suite, MC Works64, GENESIS, GENESIS32, and BizViz installations.
💻 Affected Systems
- Mitsubishi Electric GENESIS64
- Mitsubishi Electric Iconics Digital Solutions GENESIS64
- Mitsubishi Electric ICONICS Suite
- Mitsubishi Electric Iconics Digital Solutions ICONICS Suite
- Mitsubishi Electric MC Works64
- Mitsubishi Electric GENESIS
- Mitsubishi Electric Iconics Digital Solutions GENESIS
- Mitsubishi Electric GENESIS32
- Mitsubishi Electric Iconics Digital Solutions GENESIS32
- Mitsubishi Electric BizViz
- Mitsubishi Electric Iconics Digital Solutions BizViz
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Critical system files are destroyed, rendering the industrial control system PC inoperable and disrupting industrial operations.
Likely Case
Local authenticated attacker destroys application or system files, causing service disruption on affected PCs.
If Mitigated
Limited to local authenticated users with proper file permissions, minimal impact with proper monitoring.
🎯 Exploit Status
Exploitation requires local authenticated access and ability to create symbolic links. No public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact Mitsubishi Electric for specific patch versions
Vendor Advisory: https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2025-002_en.pdf
Restart Required: Yes
Instructions:
1. Review vendor advisory for specific product patches. 2. Apply patches provided by Mitsubishi Electric. 3. Restart affected systems. 4. Verify patch application.
🔧 Temporary Workarounds
Restrict symbolic link creation
windowsConfigure Windows security policies to restrict symbolic link creation to privileged users only
Configure via Group Policy: Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Create symbolic links
Limit local user privileges
windowsRestrict local user accounts to minimal necessary privileges on affected systems
🧯 If You Can't Patch
- Implement strict access controls to limit local authenticated users on affected systems
- Monitor for unusual file system activity and symbolic link creation attempts
🔍 How to Verify
Check if Vulnerable:
Check installed software versions against affected product list in vendor advisoryCheck Version:
Check Control Panel > Programs and Features for installed Mitsubishi Electric software versionsVerify Fix Applied:
Verify patch installation through vendor-provided verification methods or version checks📡 Detection & Monitoring
Log Indicators:
- Windows Security Event Logs: Event ID 4656 (Handle to object requested) with symbolic link creation
- Application logs showing file access errors or service disruptions
Network Indicators:
- No network-based indicators as this is local exploitation
SIEM Query:
Windows EventID:4656 AND ObjectType:"SymbolicLink" AND ProcessName contains "GENESIS" OR "ICONICS" OR "BizViz"