CVE-2025-61860
📋 TL;DR
An out-of-bounds read vulnerability in V-SFT v6.2.7.0 and earlier allows attackers to cause information disclosure, system crashes, or arbitrary code execution by tricking users into opening malicious V-SFT files. This affects users of Fuji Electric's V-SFT software for industrial control systems. The vulnerability requires user interaction but can lead to full system compromise.
💻 Affected Systems
- Fuji Electric V-SFT
📦 What is this software?
Monitouch V-SFT by Fuji Electric
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, and potential lateral movement within industrial control networks.
Likely Case
System crashes (ABEND) and information disclosure when users open malicious files, disrupting industrial operations.
If Mitigated
Limited to denial of service if file parsing is sandboxed or memory protections are enabled.
🎯 Exploit Status
Exploitation requires social engineering to deliver malicious V-SFT files; no public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v6.2.8.0 or later
Vendor Advisory: https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php
Restart Required: Yes
Instructions:
1. Download the latest version from Fuji Electric's download site.
2. Uninstall the vulnerable version.
3. Install the patched version.
4. Restart the system.
🔧 Temporary Workarounds
Restrict V-SFT file execution
Windows: Block execution of V-SFT files from untrusted sources using application whitelisting.
Using AppLocker or similar: create a rule to block V-SFT files from network shares and email attachments.
User awareness training
All platforms: Train users not to open V-SFT files from unknown or untrusted sources.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate V-SFT systems from general corporate networks.
- Deploy endpoint detection and response (EDR) solutions to monitor for suspicious file execution patterns.
🔍 How to Verify
Check if Vulnerable:
Check V-SFT version in Help > About; versions 6.2.7.0 or earlier are vulnerable.
Check Version:
In V-SFT application: Navigate to Help > About to view version number.
Verify Fix Applied:
Verify installed version is 6.2.8.0 or later in Help > About menu.
📡 Detection & Monitoring
Log Indicators:
- Application crashes of V-SFT.exe with memory access violation errors
- Unusual file access patterns to V-SFT project files
Network Indicators:
- Unexpected network connections from V-SFT systems
- File transfers of V-SFT project files from untrusted sources
SIEM Query:
(EventID=1000 OR EventID=1001) AND ProcessName="V-SFT.exe" AND (ExceptionCode=0xc0000005 OR ExceptionCode=0xc0000409)
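The crash-detection rule from this section and the Help > About version threshold from the verification section, applied in code as an added example that is not part of the original advisory. It evaluates the rule over constructed sample events both with and without the parentheses grouping the two event IDs (without them, AND binds tighter than OR, so every Event ID 1000 crash matches); the event field names and sample values are assumptions.

```python
# Added example, not the advisory's own code: the detection rule above evaluated
# over constructed sample events. Field names and values are assumptions.
CRASH_EVENT_IDS = {1000, 1001}            # Application Error / Windows Error Reporting
SUSPECT_CODES = {0xC0000005, 0xC0000409}  # access violation / stack buffer overrun
TARGET_PROCESS = "v-sft.exe"

# Constructed sample events, loosely modelled on Windows Application log entries.
SAMPLE_EVENTS = [
    {"EventID": 1000, "ProcessName": "V-SFT.exe", "ExceptionCode": "0xc0000005"},
    {"EventID": 1000, "ProcessName": "notepad.exe", "ExceptionCode": "0xc0000005"},
    {"EventID": 1001, "ProcessName": "V-SFT.exe", "ExceptionCode": "0xc0000409"},
    {"EventID": 1000, "ProcessName": "V-SFT.exe", "ExceptionCode": "0xe0434352"},
    {"EventID": 4624, "ProcessName": "V-SFT.exe", "ExceptionCode": None},
]

def _exception_code(event):
    """Parse the hex exception code; None when the field is absent or malformed."""
    raw = event.get("ExceptionCode")
    try:
        return int(raw, 16) if raw else None
    except ValueError:
        return None

def _is_target_process(event):
    return str(event.get("ProcessName", "")).lower() == TARGET_PROCESS

def matches_intended(event):
    """(EventID=1000 OR EventID=1001) AND ProcessName AND ExceptionCode."""
    return (event.get("EventID") in CRASH_EVENT_IDS
            and _is_target_process(event)
            and _exception_code(event) in SUSPECT_CODES)

def matches_as_written(event):
    """Same rule without the parentheses, with AND binding tighter than OR:
    every EventID=1000 event matches, whatever the process or exception code."""
    return event.get("EventID") == 1000 or (event.get("EventID") == 1001
                                            and _is_target_process(event)
                                            and _exception_code(event) in SUSPECT_CODES)

def suspect_crashes(events, rule=matches_intended):
    """Return the events the given rule flags."""
    return [e for e in events if rule(e)]

def is_vulnerable_version(version):
    """True for V-SFT 6.2.7.0 and earlier; short version strings are zero-padded."""
    parts = [int(p) for p in version.strip().split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4]) <= (6, 2, 7, 0)
```

On the sample set the grouped rule flags the two V-SFT crashes with the listed exception codes, while the ungrouped form also flags the notepad.exe crash and the unrelated V-SFT exception code.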