Severity
High
Analysis Summary
CVE-2025-10089
Malicious code execution vulnerability via DLL hijacking exists in setting and operation application for lighting control system MILCO.S. A local attacker may be able to execute malicious code by having installer to load a malicious DLL. Please note that this vulnerability only affects when the installer is run, not after installation.
Impact
- Code Execution
Indicators of Compromise
CVE
CVE-2025-10089
Affected Vendors
Mitsubishi Electric
Affected Products
- Mitsubishi Electric MILCO.S Setting Application
- Mitsubishi Electric MILCO.S Setting Application (IR)
- Mitsubishi Electric MILCO.S Easy Setting Application (IR)
- Mitsubishi Electric MILCO.S Easy Switch Application (IR)
Remediation
Refer to Mitsubishi Electric Security Advisory for patch, upgrade, or suggested workaround information.