Details of VAR-202510-0124

ID

VAR-202510-0124

CVE

CVE-2025-61861

TITLE

Made by Fuji Electric V-SFT Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2025-015451

DESCRIPTION

An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. None. Fuji Electric V-SFT is a human-machine interface (HMI) configuration software developed by Fuji Electric, primarily used for touchscreen interface design, PDF document viewing, video playback, and alarm message management in industrial automation. This vulnerability stems from the VS6ComFile component's load_link_inf function failing to properly validate the length of input data

Trust: 2.16

sources: NVD: CVE-2025-61861 // JVNDB: JVNDB-2025-015451 // CNVD: CNVD-2025-24256

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-24256

AFFECTED PRODUCTS

vendor:	fujielectric	model:	monitouch v-sft	scope:	lte	version:	6.2.7.0	Trust: 1.0
vendor:	富士電機	model:	v-sft	scope:	eq	version:	-	Trust: 0.8
vendor:	富士電機	model:	v-sft	scope:	lte	version:	v6.2.7.0 and earlier	Trust: 0.8
vendor:	fuji	model:	electric v-sft	scope:	lte	version:	<=v6.2.7.0	Trust: 0.6

sources: CNVD: CNVD-2025-24256 // JVNDB: JVNDB-2025-015451 // NVD: CVE-2025-61861

CVSS

SEVERITY

CVSSV2

CVSSV3

vultures@jpcert.or.jp:	CVE-2025-61861
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-015451
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-24256
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-24256
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

vultures@jpcert.or.jp:	CVE-2025-61861
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-015451
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-24256 // JVNDB: JVNDB-2025-015451 // NVD: CVE-2025-61861

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds read (CWE-125) [ others ]	Trust: 0.8
problemtype:	Use of freed memory (CWE-416) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-015451 // NVD: CVE-2025-61861

PATCH

title:	Improvement information No. 25A0H08	url:	https://hakko-elec.co.jp/site/download/09vsft6_inf/Search.php	Trust: 0.8
title:	Patch for Fuji Electric V-SFT Out-of-Bounds Read Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/744111	Trust: 0.6

sources: CNVD: CNVD-2025-24256 // JVNDB: JVNDB-2025-015451

EXTERNAL IDS

db:	NVD	id:	CVE-2025-61861	Trust: 2.4
db:	JVN	id:	JVNVU90008453	Trust: 2.4
db:	JVNDB	id:	JVNDB-2025-015451	Trust: 0.8
db:	CNVD	id:	CNVD-2025-24256	Trust: 0.6

sources: CNVD: CNVD-2025-24256 // JVNDB: JVNDB-2025-015451 // NVD: CVE-2025-61861

REFERENCES

url:	https://jvn.jp/en/vu/jvnvu90008453/	Trust: 1.6
url:	https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/search.php	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu90008453/	Trust: 0.8

sources: CNVD: CNVD-2025-24256 // JVNDB: JVNDB-2025-015451 // NVD: CVE-2025-61861

SOURCES

db:	CNVD	id:	CNVD-2025-24256
db:	JVNDB	id:	JVNDB-2025-015451
db:	NVD	id:	CVE-2025-61861

LAST UPDATE DATE

2025-12-19T22:38:41.384000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-24256	date:	2025-11-28T00:00:00
db:	JVNDB	id:	JVNDB-2025-015451	date:	2025-10-09T03:08:00
db:	NVD	id:	CVE-2025-61861	date:	2025-10-27T18:06:18.733

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-24256	date:	2025-10-21T00:00:00
db:	JVNDB	id:	JVNDB-2025-015451	date:	2025-10-09T00:00:00
db:	NVD	id:	CVE-2025-61861	date:	2025-10-10T11:15:43.970