Latest Mitsubishi Electric Air Conditioning Systems vulnerability

An authentication bypass vulnerability has been disclosed in certain models and versions of Mitsubishi Electric air conditioning systems. This vulnerability has been designated CVE-2025-3699 and has been rated critical with a CVSS score of 9.8.

The following models and versions are affected:

  • G-50 versions 3.37 and prior
  • G-50-W versions 3.37 and prior
  • G-50A versions 3.37 and prior
  • GB-50 versions 3.37 and prior
  • GB-50A versions 3.37 and prior
  • GB-24A versions 9.12 and prior
  • G-150AD versions 3.21 and prior
  • AG-150A-A versions 3.21 and prior
  • AG-150A-J versions 3.21 and prior
  • GB-50AD versions 3.21 and prior
  • GB-50ADA-A versions 3.21 and prior
  • GB-50ADA-J versions 3.21 and prior
  • EB-50GU-A versions 7.11 and prior
  • EB-50GU-J versions 7.11 and prior
  • AE-200J versions 8.01 and prior
  • AE-200A versions 8.01 and prior
  • AE-200E versions 8.01 and prior
  • AE-50J versions 8.01 and prior
  • AE-50A versions 8.01 and prior
  • AE-50E versions 8.01 and prior
  • EW-50J versions 8.01 and prior
  • EW-50A versions 8.01 and prior
  • EW-50E versions 8.01 and prior
  • TE-200A versions 8.01 and prior
  • TE-50A versions 8.01 and prior
  • TW-50A versions 8.01 and prior
  • CMS-RMD-J versions 1.40 and prior

What is the impact?

Successful exploitation of the vulnerability would allow an adversary to bypass authentication and gain control over the air conditioning system or disclose information from it. The disclosed information can be used to tamper with the firmware of the affected system.

Are any updates or workarounds available?

There are no planned versions to fix the issue, so please follow Mitsubishi Electric's mitigations and configure systems so that they are not exposed to the public Internet. Mitsubishi Electric is currently preparing improved versions of the following products to help mitigate the vulnerability. Upgrade affected systems to the new versions when available.

  • AE-200J
  • AE-200A
  • AE-200E
  • AE-50J
  • AE-50A
  • AE-50E
  • EW-50J
  • EW-50A
  • EW-50E
  • TE-200A
  • TE-50A
  • TW-50A

How do I find Mitsubishi Electric Air Conditioning Systems with runZero?

From the Asset Inventory, use the following query to locate potentially impacted assets:

      hw:"Mitsubishi%Air Condition%"
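Once candidate devices have been located, each one can be checked against the affected-version list in this advisory to decide what to do with it. The Python below is an added example, not runZero or Mitsubishi Electric code; the CSV column names, the status labels, the sample rows (including the made-up model XYZ-100) and the dotted-numeric version comparison are assumptions.

```python
import csv, io, re
# Last affected version per model, transcribed from the advisory's list.
LAST_AFFECTED = {
    "3.37": "G-50 G-50-W G-50A GB-50 GB-50A",
    "9.12": "GB-24A",
    "3.21": "G-150AD AG-150A-A AG-150A-J GB-50AD GB-50ADA-A GB-50ADA-J",
    "7.11": "EB-50GU-A EB-50GU-J",
    "8.01": "AE-200J AE-200A AE-200E AE-50J AE-50A AE-50E "
            "EW-50J EW-50A EW-50E TE-200A TE-50A TW-50A",
    "1.40": "CMS-RMD-J",
}
THRESHOLD = {m: v for v, ms in LAST_AFFECTED.items() for m in ms.split()}
# Models with improved versions in preparation; same set as the 8.01 group.
IMPROVED_PENDING = set(LAST_AFFECTED["8.01"].split())

def parse_version(text):
    """'8.01' or 'Ver. 8.01' -> (8, 1). Assumes dotted-numeric firmware strings."""
    m = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(model, firmware):
    model = model.strip().upper()
    limit = THRESHOLD.get(model)
    if limit is None:
        return "model-not-listed"
    version = parse_version(firmware)
    if version is None:  # no firmware recorded: do not assume it is safe
        return "version-unknown-treat-as-affected"
    if version > parse_version(limit):
        return "newer-than-listed-range"
    if model in IMPROVED_PENDING:
        return "affected-isolate-and-await-update"
    return "affected-isolate-only"

# Constructed sample export; the column names are assumptions, not a runZero format.
SAMPLE_CSV = """hostname,model,firmware
hvac-lobby,AE-200A,7.98
hvac-roof,g-50a,3.37
hvac-lab,EB-50GU-A,7.12
hvac-annex,GB-24A,
hvac-misc,XYZ-100,1.00
"""

def triage_inventory(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["hostname"], triage(r["model"], r["firmware"])) for r in rows]

if __name__ == "__main__":
    print(*triage_inventory(SAMPLE_CSV), sep="\n")
```

Devices that come back as "affected-isolate-only" have no improved version announced in this advisory, so network isolation is the only mitigation listed for them.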

Written by Matthew Kienow
