[Japanese]

JVNDB-2026-005259

Out-of-bounds write vulnerability in Fujitsu BIOS Driver (fbiosdrv.sys)

Overview

Fujitsu BIOS Driver (fbiosdrv.sys) provided by Fujitsu Limited contains the following vulnerability.
  • Out-of-bounds Write (CWE-787) - CVE-2025-65001
Fujitsu Limited reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.2 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


FUJITSU
  • Fujitsu BIOS Driver (fbiosdrv.sys) versions prior to v2.5.0.0

    • Fujitsu ESPRIMO
    • FUTRO
    • CELSIUS
    • LIFEBOOK
    • STYLISTIC
    • ARROWS Tab
For more information, refer to the information provided by the developer.
Impact

Receiving a specially crafted request created and sent by a remote authenticated attacker with an administrative privilege may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
The developer has released Fujitsu BIOS Driver version v2.5.0.0 or later that address the vulnerability.
The firmware update will be automatically applied when the devices are connected to internet.
Vendor Information

FUJITSU
CWE (What is CWE?)

  1. Out-of-bounds Write(CWE-787) [Other]
CVE (What is CVE?)

  1. CVE-2025-65001
References

  1. JVN : JVNVU#96854657
Revision History

  • [2026/03/02]
      Web page was published

Date Public2026/02/27
Date First Published2026/03/02
Date Last Updated2026/03/02