Published: 2025/07/04  Last Updated: 2025/07/04

JVNVU#94011267
Heap-based buffer overflow vulnerability in V-SFT and TELLUS

Overview

A heap-based buffer overflow vulnerability exists in Fuji Electronic V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD.

Products Affected

  • V-SFT-6 v6.2.5.0 and earlier
  • TELLUS v4.0.20.0 and earlier

Description

A heap-based buffer overflow vulnerability (CWE-122) exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD.

  • CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
  • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
  • CVE-2025-50130

Impact

Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execution.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor Link
FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. Improvement information No. 2504H25
Improvement information No. 2550Q10

Credit

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

CVE CVE-2025-50130