Home

Description

Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary code.

PUBLISHED Reserved 2025-08-22 | Published 2025-09-03 | Updated 2025-09-03 | Assigner icscert




HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status
unaffected

Any version before 1.4.0.1
affected

1.4.0.1
unaffected

Credits

kimiya working with Trend Micro Zero Day Initiative reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-245-02

felib.fujielectric.co.jp/...3970-e560-4961-8013-fc72be43681a

cve.org (CVE-2025-9365)

nvd.nist.gov (CVE-2025-9365)

Download JSON