Home

Description

A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.

PUBLISHED Reserved 2025-07-30 | Published 2025-11-04 | Updated 2025-11-04 | Assigner icscert




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-122

Product status

Default status
unaffected

6.2.7.0
affected

6.2.8.0
unaffected

6.2.9.0 or newer.
unaffected

Credits

Rocco Calvi with TecSecurity working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA. finder

References

felib.fujielectric.co.jp/...rt=en_title&page=1®ion=en-glb

www.cisa.gov/news-events/ics-advisories/icsa-25-308-01

github.com/...p/csaf_files/OT/white/2025/icsa-25-308-01.json

cve.org (CVE-2025-54496)

nvd.nist.gov (CVE-2025-54496)

Download JSON