JVNDB-2026-000017

[Japanese]
JVNDB-2026-000017
Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
Overview
Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability. Incorrect default permissions (CWE-276) - CVE-2025-10314 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 7.8 (High) [IPA Score] Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High
Affected Products

Mitsubishi Electric FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2

Impact
An attacker could replace service executables on Windows system where the product is running, potentially allowing arbitrary code execution withSYSTEMprivileges.
Solution
[Update the software] Update the software to the latest version according to the information provided by the developer.
Vendor Information
Mitsubishi Electric Mitsubishi Electric Corporation : Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows (PDF)
CWE (What is CWE?)
No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)
CVE-2025-10314
References
JVN : JVN#64883963
Revision History
[2026/02/03] Web page was published


Date Public	2026/02/03
Date First Published	2026/02/03
Date Last Updated	2026/02/03

Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows