CVE-2025-11001
View CSAF Summary Successful exploitation of these vulnerabilities could allow a local attacker to tamper with or destroy information in the affected product, cause a denial-of-service condition in the affected product, or execute arbitrary code when a specially crafted archive file is decompressed by the 7-Zip component included in MELSOFT Update Manager. The following versions of Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M are affected: MELSOFT Update Manager SW1DND-UDM-M >=1.000A|<=1.014Q (CVE-2025-53816, CVE-2025-53817, CVE-2025-55188, CVE-2025-11001) CVSS Vendor Equipment Vulnerabilities v3 8.8 Mitsubishi Electric Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Heap-based Buffer Overflow, NULL Pointer Dereference, Improper Link Resolution Before File Access ('Link Following'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Japan Vulnerabilities Expand All + CVE-2025-53816 A heap-based buffer overflow vulnerability exists in the 7-Zip component included in MELSOFT Update Manager SW1DND-UDM-M. This vulnerability could allow a local attacker to trigger a buffer overflow that may cause the affected product to enter a denial-of-service condition by convincing a legitimate user to decompress a specially crafted archive file using the affected product. View CVE Details Affected Products Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M Vendor: Mitsubishi Electric Product Version: Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M: >=1.000A|<=1.014Q Product Status: known_affected Remediations Mitigation Mitsubishi Electric has identified the following specific workarounds and mitigations users can apply to reduce risk: Vendor fix Mitsubishi Electric is releasing fixed version 1.015R or later for MELSOFT Update Manager SW1DND-UDM-M. Please download the update file for the fixe
CSIRTS triage
- What
- Exploitation could allow local attackers to tamper with information, cause denial-of-service, or execute arbitrary code.
- Who is affected
- Users of MELSOFT Update Manager SW1DND-UDM-M within the specified version range.
- Urgency
- Remediation is critical due to the potential for severe impacts from exploitation.
- Action
- Update to a version outside the affected range.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2025-11001
Get an email if CVE-2025-11001 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Elevated exploitation risk27.0% 30-day exploitation probability — well above the norm. Schedule remediation this cycle. Riskier than 98% of all EPSS-scored CVEs.
Advisory coverage (1)
- criticalMitsubishi Electric MELSOFT Update Manager SW1DND-UDM-Mcisa · 2026-06-30
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2025-11001)