CVE-2025-7376

5.9 MEDIUM

📋 TL;DR

This vulnerability allows a local authenticated attacker to create symbolic links that redirect file writes from Mitsubishi Electric industrial software to arbitrary system files. By exploiting Windows shortcut following (.LNK) behavior, attackers can overwrite critical files, potentially causing denial-of-service conditions. Affected products are all versions of GENESIS64 and MC Works64, and GENESIS version 11.00.

💻 Affected Systems

Products:
  • Mitsubishi Electric Iconics Digital Solutions GENESIS64
  • Mitsubishi Electric Iconics Digital Solutions GENESIS
  • Mitsubishi Electric GENESIS64
  • Mitsubishi Electric MC Works64
Versions: All versions of GENESIS64 and MC Works64; GENESIS version 11.00 only
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Windows OS with symbolic link support; attacker must have local authenticated access to the system.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical system files are overwritten, causing complete system failure and extended downtime requiring OS reinstallation.

🟠 Likely Case

Application-specific configuration or data files are corrupted, disrupting industrial control system operations until restoration.

🟢 If Mitigated

Limited to non-critical file corruption with minimal operational impact due to proper access controls and monitoring.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Insider threats or compromised local accounts could exploit this to disrupt operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access and knowledge of target file paths; symbolic link creation requires specific permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patch versions

Vendor Advisory: https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-009_en.pdf

Restart Required: No

Instructions:

  1. Review vendor advisory for specific patch information.
  2. Download appropriate patches from Mitsubishi Electric support portal.
  3. Apply patches following vendor instructions.
  4. Verify patch application by checking software version.

🔧 Temporary Workarounds

Restrict Symbolic Link Creation

Windows

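Configure Windows security policy to restrict symbolic link creation to administrators only. The command below sets the ProtectionMode registry value, which backs the policy "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)"; the right to create file system symbolic links is assigned separately, through the "Create symbolic links" user right (SeCreateSymbolicLinkPrivilege).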

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" -Name "ProtectionMode" -Value 1

🧯 If You Can't Patch

  • Implement strict access controls to limit local authenticated users to only necessary personnel
  • Deploy file integrity monitoring to detect unauthorized file modifications

🔍 How to Verify

Check if Vulnerable:

Check installed software versions against affected products list; verify if symbolic link creation is possible by non-admin users

Check Version:

Check application properties or vendor documentation for version information

Verify Fix Applied:

Verify patch installation through software version check; test symbolic link creation attempts fail for non-admin users
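
One way to carry out the non-admin symbolic link check described above, as an added example that is not from the vendor advisory or from this page's original content: the PowerShell below lists the accounts holding the "Create symbolic links" user right and reads the ProtectionMode value used in the workaround. The function name Get-SymlinkRightHolders and the Developer Mode check are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example (not vendor code). Run from an elevated PowerShell prompt.
# Get-SymlinkRightHolders is a name chosen for this example.
function Get-SymlinkRightHolders {
    # Export only the user-rights area of the local security policy to a temp file.
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeCreateSymbolicLinkPrivilege\s*=' } |
            Select-Object -First 1
        if (-not $line) { return }        # the right is assigned to no account
        foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
            $id = $entry.Trim().TrimStart('*')   # secedit prefixes SIDs with '*'
            if (-not $id) { continue }
            $name = $id
            if ($id -like 'S-1-*') {
                try {
                    $sid  = New-Object System.Security.Principal.SecurityIdentifier($id)
                    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch { }               # keep the raw SID when it does not resolve
            }
            [pscustomobject]@{ Sid = $id; Account = $name }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$holders = @(Get-SymlinkRightHolders)
# Any holder other than BUILTIN\Administrators (S-1-5-32-544) deserves review.
$nonAdmin = @($holders | Where-Object { $_.Sid -ne 'S-1-5-32-544' })

# ProtectionMode is the value the workaround sets (1 = strengthened defaults).
$pm = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
        -Name ProtectionMode -ErrorAction SilentlyContinue).ProtectionMode
# Assumption of this example: also report Developer Mode, which on Windows 10
# and later lets standard users create symbolic links without the user right.
$dev = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock' `
        -Name AllowDevelopmentWithoutDevLicense -ErrorAction SilentlyContinue).AllowDevelopmentWithoutDevLicense

[pscustomobject]@{
    SymlinkRightHolders  = ($holders.Account -join '; ')
    NonAdminHolders      = ($nonAdmin.Account -join '; ')
    ProtectionMode       = $pm
    DeveloperModeEnabled = ($dev -eq 1)
    NeedsReview          = ($nonAdmin.Count -gt 0) -or ($dev -eq 1)
}
```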

📡 Detection & Monitoring

Log Indicators:

  • Windows Security Event ID 4656 (File System Object Access) showing symbolic link creation
  • Application logs showing unexpected file write errors

Network Indicators:

  • No network indicators - local attack only

SIEM Query:

EventID=4656 AND ObjectType="SymbolicLink" AND SubjectUserName NOT IN (admin_users_list)
