Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M
View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager. The following versions of Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M are affected: MELSOFT Update Manager SW1DND-UDM-M >=1.000A|<=1.014Q (CVE-2025-53816, CVE-2025-53817, CVE-2025-55188, CVE-2025-11001) CVSS Vendor Equipment Vulnerabilities v3 8.8 Mitsubishi Electric Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Heap-based Buffer Overflow, NULL Pointer Dereference, Improper Link Resolution Before File Access ('Link Following'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2025-53816 A heap-based buffer overflow vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to trigger a buffer overflow that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product. View CVE Details Affected Products Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Vendor: Mitsubishi Electric Product Version: Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: >=1.000A|<=1.014Q Product Status: known_affected Remediations Mitigation Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixe
CSIRTS triage
- What
- Exploitation could allow local attackers to tamper with information, cause denial-of-service, or execute arbitrary code.
- Who is affected
- Users of MELSOFT Update Manager SW1DND-UDM-M within the specified version range.
- Urgency
- Remediation is critical due to the potential for severe impacts from exploitation.
- Action
- Update to a version outside the affected range.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch MELSOFT Update Manager SW1DND-UDM-M
Get an email when a new MELSOFT Update Manager SW1DND-UDM-M advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-01
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2025-538160.64% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 46% of all scored CVEs.
- Low exploitation riskCVE-2025-538170.61% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
- Low exploitation riskCVE-2025-551880.69% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 49% of all scored CVEs.
- Elevated exploitation riskCVE-2025-1100127.0% 30-day exploitation probability — well above the norm. Schedule remediation this cycle. Riskier than 98% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2025-53816 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-53817 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-55188 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-11001 | coverage & exploitation status | NVD · CVE.org |
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07