
CVE-2025-47750: Out-of-bounds Write in FUJI ELECTRIC CO., LTD. V-SFT

High
Published: Mon May 19 2025 (05/19/2025, 07:44:11 UTC)
Source: CVE
Vendor/Project: FUJI ELECTRIC CO., LTD.
Product: V-SFT

Description

V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.

AI-Powered Analysis

Last updated: 07/11/2025, 18:02:13 UTC

Technical Analysis

CVE-2025-47750 is a high-severity vulnerability affecting FUJI ELECTRIC CO., LTD.'s V-SFT software, specifically versions 6.2.5.0 and earlier. The vulnerability arises from an out-of-bounds write issue in the function VS6MemInIF!set_temp_type_default. This flaw is triggered when the software opens specially crafted V7 or V8 files. Exploitation of this vulnerability can lead to multiple severe consequences including application crashes, information disclosure, and arbitrary code execution. The vulnerability has a CVSS v3.1 base score of 7.8, indicating a high level of risk. The attack vector is local (AV:L), meaning the attacker must have local access to the system, but no privileges are required (PR:N). User interaction is necessary (UI:R), implying that a user must open or interact with a malicious file. The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the potential for exploitation exists given the nature of the vulnerability. The vulnerability affects a critical industrial software product used for automation and control, which may be integral to operational technology environments. The lack of available patches at the time of publication increases the urgency for mitigation and risk management.

Potential Impact

For European organizations, particularly those in industrial sectors such as manufacturing, energy, and infrastructure that rely on FUJI ELECTRIC's V-SFT software for programmable logic controller (PLC) programming and automation, this vulnerability poses a significant threat. Successful exploitation could lead to unauthorized disclosure of sensitive operational data, disruption of industrial processes through crashes or manipulation, and potentially full system compromise via arbitrary code execution. This could result in operational downtime, safety hazards, financial losses, and damage to reputation. Given the critical nature of industrial control systems in Europe’s manufacturing and energy sectors, the impact extends beyond IT to physical safety and regulatory compliance. Organizations with local access environments where users handle V7 or V8 files are particularly at risk, as the attack requires user interaction to open malicious files. The high confidentiality, integrity, and availability impacts underscore the potential for severe operational disruption and data breaches.

Mitigation Recommendations

European organizations should implement several targeted mitigation strategies:

1) Immediately inventory and identify all instances of V-SFT software version 6.2.5.0 or earlier in their environment.
2) Restrict local access to systems running V-SFT to trusted personnel only, minimizing the risk of malicious file introduction.
3) Educate users on the risks of opening untrusted V7 or V8 files and enforce strict file handling policies.
4) Employ application whitelisting and endpoint protection solutions that can detect and block anomalous behavior related to file parsing and memory corruption attempts.
5) Monitor system logs and network activity for signs of exploitation attempts or unusual crashes.
6) Engage with FUJI ELECTRIC for timely patch releases or workarounds and apply updates as soon as they become available.
7) Consider network segmentation to isolate industrial control systems from general IT networks, reducing the attack surface.
8) Implement strict file integrity monitoring and use sandboxing techniques to analyze suspicious files before opening them in production environments.


Technical Details

Data Version: 5.1
Assigner Short Name: jpcert
Date Reserved: 2025-05-09T08:06:34.549Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f81484d88663aeb5e6

Added to database: 5/20/2025, 6:59:04 PM

Last enriched: 7/11/2025, 6:02:13 PM

Last updated: 8/13/2025, 5:41:06 AM
