CVE-2025-10314

Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows

Assigner: Mitsubishi
Reserved: 12.09.2025 Published: 05.02.2026 Updated: 05.02.2026

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (DoS) condition on the affected system.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 8.8

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Mitsubishi Electric Corporation
Product	FREQSHIP-mini for Windows
Versions	Default: unaffected Version versions 8.0.0 to 8.0.2 is affected

Vendor

Mitsubishi Electric Corporation

Product

FREQSHIP-mini for Windows

Versions

Default: unaffected

Version versions 8.0.0 to 8.0.2 is affected

References

Problem Types

CWE-276 Incorrect Default Permissions CWE

Impacts

Arbitrary Code Execution