How to fix CVE-2025-7376?

Within 30 days: Identify affected systems running multiple processes of Mitsubishi Electric Iconics Digital So and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Microsoft affected by CVE-2025-7376?

CVE-2025-7376 presents moderate security risk rated CVSS 5.9. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-7376

MEDIUM

2025-08-06 [email protected]

5.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:05 vuln.today

CVE Published

Aug 06, 2025 - 07:15 nvd

MEDIUM 5.9

Description

Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric MC Works64 all versions, and Mitsubishi Electric GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC.

Analysis

Technical Context

This vulnerability is classified under CWE-64. Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric MC Works64 all versions, and Mitsubishi Electric GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC. Version information: version 11.00.

Affected Products

See vendor advisory for affected versions.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +30

POC: 0

CVE-2025-7376 vulnerability details – vuln.today

Back

CVE-2025-7376

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-7376

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code