CVE-2025-7376 is a vulnerability identified in multiple Mitsubishi Electric Corporation products, including GENESIS64 (all versions), GENESIS version 11.00, and MC Works64 (all versions). The vulnerability is classified under CWE-64, which pertains to improper control of a resource through symbolic links. Specifically, this issue arises from the way these products handle Windows Shortcut (.LNK) files. An authenticated local attacker can exploit this vulnerability by creating a symbolic link from a file that the affected processes use as a write destination to an arbitrary target file elsewhere on the system. When the process writes to the linked file, it inadvertently overwrites or destroys the target file. This unauthorized write capability can lead to the destruction of critical files necessary for system or application operation, potentially causing a denial-of-service (DoS) condition on the affected PC. The vulnerability requires local authentication and some user interaction, as indicated by the CVSS vector (AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N). The CVSS score is 5.9, indicating a medium severity level. The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. While no known exploits are currently in the wild, the vulnerability poses a significant risk due to the potential for file destruction and operational disruption in industrial control and automation environments where these Mitsubishi Electric products are deployed.

For European organizations, especially those in industrial sectors such as manufacturing, energy, and utilities that rely on Mitsubishi Electric's GENESIS64 and related products for supervisory control and data acquisition (SCADA) and industrial automation, this vulnerability could have serious operational impacts. The ability for a local authenticated attacker to overwrite critical files can disrupt control systems, leading to downtime, loss of operational data, and potentially unsafe conditions if automated processes fail. This could result in production halts, financial losses, and safety risks. Additionally, the destruction of files may complicate recovery efforts and incident response. Given the critical role of these systems in infrastructure and industrial environments, even a medium severity vulnerability warrants prompt attention to prevent escalation or exploitation in targeted attacks.

To mitigate this vulnerability, European organizations should implement the following specific measures: 1) Restrict local access to systems running affected Mitsubishi Electric products to trusted personnel only, minimizing the risk of an authenticated attacker. 2) Employ strict file system permissions and access controls to limit the ability to create symbolic links or manipulate shortcut files within the environment. 3) Monitor and audit file system changes, especially the creation of symbolic links and modifications to critical files used by GENESIS64 and related applications. 4) Implement application whitelisting and endpoint protection solutions capable of detecting suspicious symbolic link activities or unauthorized file writes. 5) Segregate industrial control systems from general IT networks to reduce the attack surface and limit lateral movement opportunities. 6) Regularly back up critical configuration and operational files to enable rapid restoration in case of file destruction. 7) Engage with Mitsubishi Electric for patches or updates as they become available, and apply them promptly. 8) Train staff on the risks of local privilege misuse and the importance of adhering to security policies to prevent unauthorized access or actions.