CVE-2025-10314

8.8 HIGH

📋 TL;DR

This vulnerability allows a local attacker to replace service executable files or DLLs in the FREQSHIP-mini installation directory with malicious files, enabling arbitrary code execution with SYSTEM privileges. Affected users are those running Mitsubishi Electric FREQSHIP-mini for Windows versions 8.0.0 through 8.0.2 on Windows systems.

💻 Affected Systems

Products:
  • Mitsubishi Electric FREQSHIP-mini for Windows
Versions: 8.0.0 to 8.0.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows versions of FREQSHIP-mini. Requires local access to the system where the software is installed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with SYSTEM privileges, enabling data theft, destruction, ransomware deployment, or persistent backdoor installation across the entire Windows system.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive industrial control system data, configuration tampering, or denial of service affecting critical operations.

🟢 If Mitigated

Limited impact with proper file permission controls and monitoring, potentially only allowing file tampering detection without successful exploitation.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any malicious insider or compromised user account with local access can exploit this to gain SYSTEM privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but is straightforward once access is obtained - simply replace executable files in the installation directory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version 8.0.3 or later

Vendor Advisory: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-019_en.pdf

Restart Required: Yes

Instructions:

  1. Download FREQSHIP-mini version 8.0.3 or later from the Mitsubishi Electric support portal.
  2. Back up the current configuration and data.
  3. Uninstall the current version.
  4. Install the updated version.
  5. Restart the system.
  6. Verify proper operation.

🔧 Temporary Workarounds

Restrict File Permissions

windows

Set strict file permissions on the FREQSHIP-mini installation directory to prevent unauthorized file modifications.

icacls "C:\Program Files\FREQSHIP-mini" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" /deny "Users:(OI)(CI)(W,D,WDAC,WO)"

Enable Windows Defender Controlled Folder Access

windows

Protect the installation directory from unauthorized modifications using Windows Defender.

Add-MpPreference -ControlledFolderAccessProtectedFolders "C:\Program Files\FREQSHIP-mini"
Set-MpPreference -EnableControlledFolderAccess Enabled

🧯 If You Can't Patch

  • Implement strict access controls to limit local access to systems running FREQSHIP-mini
  • Deploy application whitelisting to prevent execution of unauthorized binaries in the installation directory

🔍 How to Verify

Check if Vulnerable:

Check FREQSHIP-mini version via Control Panel > Programs and Features or by examining the software's About dialog. Versions 8.0.0 through 8.0.2 are vulnerable.

Check Version:

wmic product where name="FREQSHIP-mini" get version

Verify Fix Applied:

Verify installation of version 8.0.3 or later and confirm file permissions on the installation directory restrict write access to non-administrative users.

📡 Detection & Monitoring

Log Indicators:

  • Windows Security Event ID 4663 (File system access) showing unauthorized write attempts to FREQSHIP-mini directory
  • Windows Application Event Log entries showing FREQSHIP-mini service failures or unexpected restarts

Network Indicators:

  • Unusual outbound connections from the FREQSHIP-mini process to external IPs
  • SMB or RPC connections to the system from unauthorized sources

SIEM Query:

source="windows_security" event_id=4663 object_name="*FREQSHIP-mini*" access_mask="0x2" | stats count by src_ip, user
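
The query above matches access_mask against the single value 0x2 and the path by substring. As an added example (not from this page's source or the vendor), the Python below triages exported 4663 events by testing the mask bitwise and matching the path by directory. The install path is taken from the workaround on this page; file names, users and SIDs in the sample are constructed, and treating SYSTEM as the only expected writer is an assumption.

```python
from pathlib import PureWindowsPath

# Assumed install path, taken from the icacls workaround on this page.
INSTALL_DIR = PureWindowsPath(r"C:\Program Files\FREQSHIP-mini")
# Access-mask bits that allow replacing or re-permissioning a file.
TAMPER_BITS = {0x2: "WriteData", 0x4: "AppendData", 0x10000: "DELETE",
               0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
BINARY_SUFFIXES = {".exe", ".dll"}
# Assumption: only SYSTEM (S-1-5-18) touches these files outside a planned update.
EXPECTED_SIDS = {"S-1-5-18"}


def tamper_rights(access_mask):
    """Decode a hex AccessMask string into the tamper-relevant rights it holds."""
    mask = int(access_mask, 16)
    return [name for bit, name in TAMPER_BITS.items() if mask & bit]


def in_install_dir(object_name):
    """True for paths inside INSTALL_DIR (case-insensitive, no substring match)."""
    return INSTALL_DIR in PureWindowsPath(object_name).parents


def suspicious(events):
    """Return (user, path, rights) for 4663 events that modify binaries."""
    hits = []
    for ev in events:
        path, rights = ev["ObjectName"], tamper_rights(ev["AccessMask"])
        if (ev["EventID"] == 4663 and rights and in_install_dir(path)
                and PureWindowsPath(path).suffix.lower() in BINARY_SUFFIXES
                and ev["SubjectUserSid"] not in EXPECTED_SIDS):
            hits.append((ev["SubjectUserName"], path, rights))
    return hits


def _ev(sid, user, path, mask):
    return {"EventID": 4663, "SubjectUserSid": sid, "SubjectUserName": user,
            "ObjectName": path, "AccessMask": mask}

# Constructed sample events (hypothetical file names, users and SIDs).
USER = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE = [
    _ev(USER, "operator1", r"C:\Program Files\FREQSHIP-mini\service.exe", "0x6"),
    _ev("S-1-5-18", "SYSTEM", r"C:\Program Files\FREQSHIP-mini\helper.dll", "0x2"),
    _ev(USER, "operator1", r"C:\Program Files\FREQSHIP-mini\service.exe", "0x1"),
    _ev(USER, "operator1", r"c:\program files\freqship-mini\bin\helper.dll", "0x10000"),
    _ev(USER, "operator1", r"C:\Program Files\FREQSHIP-mini-old\service.exe", "0x2"),
]

if __name__ == "__main__":
    for user, path, rights in suspicious(SAMPLE):
        print(f"{user} -> {path}: {', '.join(rights)}")
```

Event 4663 is only logged when file-system object-access auditing is enabled and the directory carries an audit SACL covering write and delete access.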
