CVE-2025-10259: CWE-1284 Improper Validation of Specified Quantity in Input in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-32MT/ES
Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one.
AI Analysis
Technical Summary
CVE-2025-10259 identifies a vulnerability in the TCP communication function of Mitsubishi Electric Corporation's MELSEC iQ-F Series FX5U-32MT/ES programmable logic controllers (PLCs). The root cause is improper validation of the specified quantity in input data, classified under CWE-1284. This flaw allows a remote attacker to craft and send malicious TCP packets that exploit this validation weakness, resulting in the disconnection of the targeted TCP connection. The consequence is a denial-of-service (DoS) condition affecting only the attacked connection, without broader system compromise or impact on other concurrent connections. The vulnerability requires no privileges or user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, no user interaction, and impact limited to availability. No patches or exploits are currently known, but the vulnerability affects all versions of the FX5U-32MT/ES CPU modules. Given the critical role of these PLCs in industrial automation, exploitation could disrupt manufacturing processes or critical infrastructure operations relying on these devices. The vulnerability highlights the importance of robust input validation in industrial communication protocols to prevent service interruptions.
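The kind of check whose absence CWE-1284 describes, shown as an added example that is not Mitsubishi Electric's code and does not reproduce the MELSEC protocol: the frame layout, `MAX_ITEMS` and all function names are hypothetical. The parser validates the declared item count against a protocol limit and against the bytes actually received, and returns a status the caller can answer with an error reply.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical frame (assumed for illustration, NOT the MELSEC wire format):
 *   bytes 0-1 command, bytes 2-3 item count (big-endian), then count 16-bit items. */
#define HDR_LEN   4u
#define ITEM_SIZE 2u
#define MAX_ITEMS 64u /* assumed protocol limit on the declared quantity */
enum frame_status { FRAME_OK, FRAME_SHORT, FRAME_COUNT_ZERO,
                    FRAME_COUNT_TOO_LARGE, FRAME_LEN_MISMATCH };

/* Constructed sample frames: valid, oversized count, count exceeding payload. */
static const uint8_t GOOD[]     = {0x00, 0x01, 0x00, 0x02, 0x00, 0x05, 0x00, 0x07};
static const uint8_t HUGE_CNT[] = {0x00, 0x01, 0xFF, 0xFF, 0x00, 0x05};
static const uint8_t SHORT_PL[] = {0x00, 0x01, 0x00, 0x03, 0x00, 0x05, 0x00, 0x07};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check the declared count against the limit and the received length first. */
enum frame_status validate_frame(const uint8_t *buf, size_t len, uint16_t *count_out)
{
    if (buf == NULL || len < HDR_LEN) return FRAME_SHORT;
    uint16_t count = rd16(buf + 2);
    if (count == 0) return FRAME_COUNT_ZERO;
    if (count > MAX_ITEMS) return FRAME_COUNT_TOO_LARGE;
    /* count <= MAX_ITEMS, so the multiplication cannot overflow */
    if (len - HDR_LEN != (size_t)count * ITEM_SIZE) return FRAME_LEN_MISMATCH;
    *count_out = count;
    return FRAME_OK;
}

/* Consumer: sums the items; returns -1 and sets *st when the frame is rejected. */
long sum_items(const uint8_t *buf, size_t len, enum frame_status *st)
{
    uint16_t count = 0;
    long total = 0;
    if ((*st = validate_frame(buf, len, &count)) != FRAME_OK) return -1;
    for (uint16_t i = 0; i < count; i++)
        total += rd16(buf + HDR_LEN + (size_t)i * ITEM_SIZE);
    return total;
}

int main(void)
{
    enum frame_status a, b, c;
    long ok = sum_items(GOOD, sizeof GOOD, &a);
    sum_items(HUGE_CNT, sizeof HUGE_CNT, &b);
    sum_items(SHORT_PL, sizeof SHORT_PL, &c);
    return (ok == 12 && b == FRAME_COUNT_TOO_LARGE && c == FRAME_LEN_MISMATCH) ? 0 : 1;
}
```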
Potential Impact
For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors that deploy Mitsubishi MELSEC iQ-F Series PLCs, this vulnerability poses a risk of operational disruption through targeted denial-of-service attacks. While it does not compromise data confidentiality or integrity, the ability to disconnect TCP connections remotely can interrupt control commands or monitoring data flows, potentially halting automated processes or causing safety system delays. This could lead to production downtime, financial losses, and safety hazards in industrial environments. The limited scope to the attacked connection reduces the risk of widespread system failure but does not eliminate the impact on critical operations. Organizations with remote or exposed network access to these PLCs are particularly vulnerable. The absence of known exploits currently provides a window for proactive mitigation, but the medium severity score indicates a need for timely attention to prevent exploitation as threat actors develop attack tools.
Mitigation Recommendations
1. Implement strict network segmentation to isolate PLCs from general IT networks and restrict access to trusted management stations only.
2. Deploy firewall rules to limit TCP traffic to and from the PLCs, allowing only necessary communication ports and known IP addresses.
3. Monitor network traffic for anomalous or malformed TCP packets targeting the PLCs, using intrusion detection/prevention systems with signatures or heuristics for unusual input patterns.
4. Restrict remote access to the PLCs via VPNs or secure jump hosts with multi-factor authentication to reduce exposure.
5. Regularly audit and update network device configurations to minimize attack surface.
6. Engage with Mitsubishi Electric for firmware updates or patches addressing this vulnerability and apply them promptly once available.
7. Develop incident response plans specific to industrial control system disruptions to minimize downtime if an attack occurs.
8. Train operational technology (OT) personnel to recognize signs of network-based DoS attacks and respond accordingly.
Affected Countries
Germany, Italy, France, United Kingdom, Spain, Poland, Netherlands, Belgium, Czech Republic, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2025-09-11T07:30:13.929Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 690c4cee03d96811746c8703
Added to database: 11/6/2025, 7:23:26 AM
Last enriched: 11/6/2025, 7:38:33 AM
Last updated: 11/6/2025, 9:16:08 AM