Deserialization Vulnerability in Fuji Electric FRENIC-Loader 4
CVE-2025-9365

8.4HIGH

Key Information:

Vendor: Fuji Electric
Status: Frenic-loader 4
Vendor: CVE Published:; 3 September 2025

🔔 Create Fuji Electric Vulnerability Alert

What is CVE-2025-9365?

The FRENIC-Loader 4 by Fuji Electric is susceptible to a deserialization vulnerability when importing files through a specific interface. This weakness enables attackers to manipulate untrusted data, potentially leading to execution of arbitrary code. Organizations utilizing this software should implement protective measures to mitigate any risks associated with this vulnerability.

Affected Version(s)

FRENIC-Loader 4 0 < 1.4.0.1

FRENIC-Loader 4 1.4.0.1

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

https://felib.fujielectric.co.jp/en/M10009/M20029/documen...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2025
Vulnerability Reserved
Aug 22, 2025

Credit

kimiya working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.