How can organizations mitigate the risk associated with this vulnerability?

Organizations should update to FREQSHIP-mini version 8.1.0 or later and implement mitigation measures such as restricting access to affected systems, using firewalls or VPNs, and ensuring up-to-date antivirus software is in place.

Why is this vulnerability significant for critical infrastructure sectors?

The vulnerability poses a high risk to critical infrastructure sectors like manufacturing and energy, where FREQSHIP-mini is deployed, as exploitation could lead to unauthorized access, data manipulation, or operational disruptions.

Critical Vulnerability in Mitsubishi Electric's FREQSHIP-mini: CVE-2025-10314

A newly disclosed vulnerability in Mitsubishi Electric's FREQSHIP-mini for Windows could allow attackers to gain SYSTEM privileges. Learn about the risks and necessary mitigation steps.

Published: February 4, 2026

Share this on:

Executive Summary

In February 2026, Mitsubishi Electric disclosed a critical vulnerability (CVE-2025-10314) in its FREQSHIP-mini for Windows software, versions 8.0.0 to 8.0.2. The flaw arises from incorrect default permissions during installation, allowing local attackers to replace service executables or DLLs with malicious files. Exploiting this vulnerability enables arbitrary code execution with SYSTEM privileges, potentially leading to unauthorized access, data manipulation, or denial-of-service conditions. This vulnerability is particularly concerning for critical infrastructure sectors, including manufacturing and energy, where FREQSHIP-mini is commonly deployed. Organizations are urged to update to version 8.1.0 or later and implement recommended mitigation measures to prevent exploitation. (jvn.jp)

Why This Matters Now

The disclosure of CVE-2025-10314 highlights the ongoing risks associated with improper file permission settings in critical infrastructure software. As attackers increasingly target such vulnerabilities to gain elevated privileges, it is imperative for organizations to promptly apply patches and review security configurations to safeguard against potential exploits.

Attack Path Analysis

An attacker exploited incorrect default permissions in Mitsubishi Electric FREQSHIP-mini for Windows to execute arbitrary code with system privileges. This allowed them to escalate their privileges, potentially leading to unauthorized access, modification, or destruction of information, and causing a denial-of-service condition on the affected system.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

High

Lateral Movement

Mediuminferred

Command & Control

Mediuminferred

Exfiltration

Mediuminferred

Impact

High

Initial Compromise

Description

The attacker exploited incorrect default permissions in Mitsubishi Electric FREQSHIP-mini for Windows to execute arbitrary code with system privileges.

Confidence:

High

Related CVEs

Included CVEs with severity scores, affected products, exploit status, and reference links.

CVE-2025-10314
CVSS 8.8
Incorrect default permissions in Mitsubishi Electric FREQSHIP-mini for Windows allow local attackers to execute arbitrary code with SYSTEM privileges.
Affected Products:
Mitsubishi Electric FREQSHIP-mini for Windows – 8.0.0, 8.0.1, 8.0.2
Exploit Status:
no public exploit
References:
https://jvn.jp/en/jp/JVN64883963/https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000017.html

MITRE ATT&CK® Techniques

Privilege Escalation

T1574.010

Hijack Execution Flow: Services File Permissions Weakness

Defense Evasion

T1222.001

Windows File and Directory Permissions Modification

Privilege Escalation

T1548

Abuse Elevation Control Mechanism

Privilege Escalation

T1574.005

Hijack Execution Flow: Executable Installer File Permissions Weakness

Privilege Escalation

T1574.011

Hijack Execution Flow: Services Registry Permissions Weakness

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

NIST SP 800-53 – Least Privilege

Control ID: AC-6

The vulnerability exploited incorrect default permissions, violating the principle of least privilege by allowing unauthorized users to modify critical system files.

PCI DSS 4.0 – Limit Access to System Components and Cardholder Data

Control ID: 7.1.2

The improper permissions could permit unauthorized access to sensitive data, contravening requirements to restrict access to system components and cardholder data.

NYDFS 23 NYCRR 500 – Access Privileges

Control ID: 500.07

The incident exposed deficiencies in access privilege controls, as unauthorized users could gain elevated access due to misconfigured permissions.

DORA – ICT Risk Management Framework

Control ID: Article 5

The exploitation of incorrect default permissions indicates a lapse in the ICT risk management framework, failing to identify and mitigate such vulnerabilities.

CISA Zero Trust Maturity Model 2.0 – Enforce Least Privilege Access

Control ID: Identity Pillar: Access Control

The vulnerability allowed unauthorized privilege escalation, highlighting a failure to enforce least privilege access principles within the identity management framework.

NIS2 Directive – Cybersecurity Risk Management Measures

Control ID: Article 21

The incident reflects inadequate implementation of cybersecurity risk management measures, as it permitted unauthorized access through misconfigured permissions.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Utilities

UPS shutdown software privilege escalation threatens critical power infrastructure operations, enabling system compromise and potential service disruptions across electrical grid systems.

Critical Manufacturing

Mitsubishi UPS systems in manufacturing environments face privilege escalation risks, allowing attackers to disrupt production operations and compromise industrial control systems.

Health Care / Life Sciences

Healthcare facilities using affected UPS systems risk unauthorized access to critical medical equipment power management, potentially compromising patient safety and data.

Government Administration

Government facilities relying on Mitsubishi UPS infrastructure face privilege escalation vulnerabilities that could compromise sensitive systems and continuity of operations.

Sources

Mitsubishi Electric FREQSHIP-mini for Windowshttps://www.cisa.gov/news-events/ics-advisories/icsa-26-034-01
Verified

JVN#64883963: Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windowshttps://jvn.jp/en/jp/JVN64883963/

Verified

JVNDB-2026-000017 - JVN iPediahttps://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000017.html

Verified

Mitsubishi Electric FREQSHIP-mini for Windows - IT Security Newshttps://www.itsecuritynews.info/mitsubishi-electric-freqship-mini-for-windows/

Verified

Frequently Asked Questions

CVE-2025-10314 is a vulnerability in Mitsubishi Electric's FREQSHIP-mini for Windows, versions 8.0.0 to 8.0.2, caused by incorrect default permissions that allow local attackers to execute arbitrary code with SYSTEM privileges.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to escalate privileges and move laterally within the network, thereby reducing the potential blast radius.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The attacker's ability to execute arbitrary code with system privileges may have been constrained, limiting unauthorized access to sensitive information and system resources.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: The attacker's ability to access sensitive information and system resources would likely have been limited, reducing the scope of unauthorized activities.

Lateral Movement

Control: East-West Traffic Security

Mitigation: The attacker's ability to move laterally within the network would likely have been constrained, limiting the spread of the attack.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: The attacker's ability to establish and maintain command and control channels would likely have been restricted, reducing remote control over compromised systems.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: The attacker's ability to exfiltrate sensitive data would likely have been limited, reducing the risk of data loss.

Impact (Mitigations)

The attacker's ability to cause a denial-of-service condition would likely have been constrained, reducing the impact on system availability.

Impact at a Glance

Affected Business Functions

System Monitoring
Power Management

Operational Disruption

Estimated downtime: 3 days

Financial Impact

Estimated loss: $50,000

Data Exposure

Potential exposure of system configuration data and operational logs.

Recommended Actions

• Implement Zero Trust Segmentation to enforce least privilege access and prevent unauthorized lateral movement.
• Deploy Inline IPS (Suricata) to detect and prevent exploitation attempts targeting known vulnerabilities.
• Utilize Threat Detection & Anomaly Response systems to identify and respond to suspicious activities promptly.
• Apply Restrict File and Directory Permissions to limit access to critical system files and directories.
• Regularly update and patch software to remediate known vulnerabilities and reduce the attack surface.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Critical Vulnerability in Mitsubishi Electric's FREQSHIP-mini: CVE-2025-10314

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

Related CVEs

CVE-2025-10314

Affected Products:

Exploit Status:

References:

MITRE ATT&CK® Techniques

Hijack Execution Flow: Services File Permissions Weakness

Windows File and Directory Permissions Modification

Abuse Elevation Control Mechanism

Hijack Execution Flow: Executable Installer File Permissions Weakness

Hijack Execution Flow: Services Registry Permissions Weakness

Potential Compliance Exposure

NIST SP 800-53 – Least Privilege

PCI DSS 4.0 – Limit Access to System Components and Cardholder Data

NYDFS 23 NYCRR 500 – Access Privileges

DORA – ICT Risk Management Framework

CISA Zero Trust Maturity Model 2.0 – Enforce Least Privilege Access

NIS2 Directive – Cybersecurity Risk Management Measures

Sector Implications

Utilities

Critical Manufacturing

Health Care / Life Sciences

Government Administration

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads