JVNDB-2025-008106

[Japanese]
JVNDB-2025-008106
Heap-based buffer overflow vulnerability in V-SFT and TELLUS
Overview
A heap-based buffer overflow vulnerability (CWE-122) exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. - CVE-2025-50130 Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 7.8 (High) [Other] Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High
Affected Products

Fuji Electric Co., Ltd. TELLUS v4.0.20.0 and earlier V-SFT-6 v6.2.5.0 and earlier

Impact
Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execusion.
Solution
[Update the software] Update the software to the latest version according to the information provided by the developer.
Vendor Information
Fuji Electric Co., Ltd. FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. : Improvement information No. 2504H25 FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. : Improvement information No. 2550Q10
CWE (What is CWE?)
Heap-based Buffer Overflow(CWE-122) [Other]
CVE (What is CVE?)
CVE-2025-50130
References
JVN : JVNVU#94011267
Revision History
[2025/07/07] Web page was published

Heap-based buffer overflow vulnerability in V-SFT and TELLUS