CVE-2025-10259: CWE-1284 Improper Validation of Specified Quantity in Input in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ES
Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.
AI Analysis
Technical Summary
CVE-2025-10259 is a vulnerability classified under CWE-1284 (Improper Validation of Specified Quantity in Input) found in the TCP communication function of Mitsubishi Electric Corporation's MELSEC iQ-F Series FX5U-32MT/ES CPU modules. The flaw arises because the device does not properly validate the quantity specified in incoming TCP packets, allowing a remote attacker to craft packets that cause the device to disconnect the targeted TCP connection. This results in a denial-of-service (DoS) condition affecting only the attacked connection, without impacting other active connections or the device's overall operation. The vulnerability can be exploited remotely without requiring any authentication or user interaction, making it accessible to attackers with network access to the device. The CVSS v3.1 base score is 5.3, indicating medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), and low impact on availability (A:L). No known exploits have been reported in the wild as of the publication date. The vulnerability affects all versions of the FX5U-32MT/ES CPU modules in the MELSEC iQ-F Series. The root cause is insufficient input validation in the TCP communication stack, which can be addressed by vendor patches or firmware updates once released.
Potential Impact
For European organizations, particularly those in industrial automation, manufacturing, and critical infrastructure sectors, this vulnerability poses a risk of targeted denial-of-service attacks on Mitsubishi Electric MELSEC iQ-F Series PLCs. Disruption of TCP connections could lead to temporary loss of communication between control systems and field devices, potentially causing operational delays, production downtime, or safety system interruptions. Although the impact is limited to availability and does not compromise data confidentiality or integrity, even short-term outages in industrial control systems can have significant financial and safety consequences. The vulnerability's ease of exploitation without authentication increases the risk from internal or external threat actors with network access. European organizations with network-exposed PLCs or insufficient network segmentation are particularly vulnerable. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.
Mitigation Recommendations
1. Implement strict network segmentation to isolate MELSEC iQ-F Series PLCs from general IT networks and the internet, limiting exposure to untrusted sources.
2. Configure firewalls and intrusion prevention systems to restrict TCP traffic to only trusted management and control stations, blocking unsolicited or malformed packets.
3. Monitor network traffic for anomalies or repeated connection resets targeting PLC IP addresses, enabling early detection of exploitation attempts.
4. Apply vendor-provided patches or firmware updates promptly once available to address the root cause of the vulnerability.
5. Employ secure communication protocols or VPNs for remote access to PLCs to reduce exposure to crafted TCP packets.
6. Conduct regular security assessments and penetration testing focused on industrial control systems to identify and remediate similar vulnerabilities.
7. Maintain an inventory of all Mitsubishi Electric PLCs deployed and ensure they are included in vulnerability management programs.
8. Train operational technology (OT) personnel on recognizing and responding to network-based DoS attacks targeting control devices.
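Recommendations 2 and 3 can be combined into one monitoring check. The following is an added example, not code from the vendor or from this advisory: it flags sources outside the trusted-station list that talk to a PLC, and bursts of abnormal disconnects per source/PLC pair. The log format, all IP addresses, the trusted-station list, the window and the threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the advisory): PLC addresses, trusted stations,
# the log format and the alert threshold are constructed for illustration.
PLC_IPS = {"192.0.2.10", "192.0.2.11"}
TRUSTED_STATIONS = {"198.51.100.5"}
WINDOW = timedelta(seconds=60)
THRESHOLD = 3  # abnormal disconnects per (source, PLC) pair within WINDOW

# Constructed flow-sensor lines: <timestamp> <src> <dst> <event>
SAMPLE_LOG = """\
2025-11-06T07:00:01 198.51.100.5 192.0.2.10 open
2025-11-06T07:00:05 203.0.113.77 192.0.2.10 reset
2025-11-06T07:00:20 203.0.113.77 192.0.2.10 reset
2025-11-06T07:00:31 198.51.100.5 192.0.2.10 reset
2025-11-06T07:00:40 203.0.113.77 192.0.2.10 reset
malformed line that the parser must skip
2025-11-06T07:03:00 203.0.113.77 192.0.2.11 reset
"""

def parse(line):
    """Return (timestamp, src, dst, event), or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
    except ValueError:
        return None

def detect(log_text):
    """Return alerts for reset bursts and for untrusted sources reaching PLCs."""
    recent = defaultdict(deque)  # (src, dst) -> timestamps of recent resets
    alerts, seen_untrusted = [], set()
    for ts, src, dst, event in filter(None, map(parse, log_text.splitlines())):
        if dst not in PLC_IPS:
            continue
        if src not in TRUSTED_STATIONS and (src, dst) not in seen_untrusted:
            seen_untrusted.add((src, dst))  # report each pair only once
            alerts.append(("untrusted_source", src, dst, ts))
        if event != "reset":
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > WINDOW:  # drop resets older than the window
            q.popleft()
        if len(q) == THRESHOLD:  # fire once when the burst reaches threshold
            alerts.append(("reset_burst", src, dst, ts))
    return alerts
```

A single reset from a trusted station stays below the threshold and raises nothing, so ordinary reconnects do not generate noise.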
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2025-09-11T07:30:13.929Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 690c4cee03d96811746c8703
Added to database: 11/6/2025, 7:23:26 AM
Last enriched: 11/20/2025, 8:33:21 AM
Last updated: 12/21/2025, 3:35:09 AM