Published:2025/07/04 Last Updated:2025/07/04
JVNVU#94011267
Heap-based buffer overflow vulnerability in V-SFT and TELLUS
Overview
A heap-based buffer overflow vulnerability exists in Fuji Electronic V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD.
Products Affected
- V-SFT-6 v6.2.5.0 and earlier
- TELLUS v4.0.20.0 and earlier
Description
A heap-based buffer overflow vulnerability (CWE-122) exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD.
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-50130
Impact
Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execusion.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. | Improvement information No. 2504H25 |
| Improvement information No. 2550Q10 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-50130 |
| JVN iPedia |
|