Use After Free Vulnerability in V-SFT by Fuji Electric
CVE-2025-61864

8.4HIGH

Key Information:

Vendor: Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd.
Status: V-sft
Vendor: CVE Published:; 10 October 2025

🔔 Create Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd. Vulnerability Alert

What is CVE-2025-61864?

A use after free vulnerability exists in the VS6ComFile!load_link_inf function of V-SFT versions up to 6.2.7.0. This flaw can be exploited when a user opens specially crafted V-SFT files, potentially leading to serious consequences such as information disclosure, abnormal termination of the affected system (ABEND), and the execution of arbitrary code. Users of V-SFT should be aware of this vulnerability and take necessary precautions to mitigate risks associated with file handling.

Affected Version(s)

V-SFT v6.2.7.0 and earlier

References

https://monitouch.fujielectric.com/site/download-e/09vsft...

https://jvn.jp/en/vu/JVNVU90008453/

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Oct 2, 2025

JSON