Mitsubishi Electric has disclosed a critical authentication bypass vulnerability affecting 27 different air conditioning system models, potentially allowing remote attackers to gain unauthorized control over building HVAC systems.
The vulnerability, tracked as CVE-2025-3699, carries a maximum CVSS score of 9.8, indicating its severe nature.
https://cybersecuritynews.com/mitsubish ... erability/