Severity
High
Analysis Summary
CVE-2025-47758 CVSS:7.8
V-SFT versions contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
CVE-2025-47754 CVSS:7.8
FUJI ELECTRIC V-SFT could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in VS6EditData!Conv_Macro_Data function. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2025-47749 CVSS:7.8
FUJI ELECTRIC V-SFT could allow a remote attacker to execute arbitrary code on the system, caused by an free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2025-47753 CVSS:7.8
FUJI ELECTRIC V-SFT could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in XXX. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2025-47750 CVSS:7.8
FUJI ELECTRIC V-SFT could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in VS6MemInIF!set_temp_type_default function. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Buffer Overflow
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-47758
- CVE-2025-47754
- CVE-2025-47749
- CVE-2025-47753
- CVE-2025-47750
Affected Vendors
Affected Products
- FUJI ELECTRIC CO. - LTD. V-SFT - v6.2.5.0
Remediation
Refer to Fuji Electric Security Advisory for patch, upgrade, or suggested workaround information.