CVE-2025-47758: Stack-based buffer overflow in FUJI ELECTRIC CO., LTD. V-SFT
V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in the VS6File!CTxSubFile::get_ProgramFile_name function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary code execution.
AI Analysis
Technical Summary
CVE-2025-47758 is a high-severity stack-based buffer overflow vulnerability in FUJI ELECTRIC CO., LTD.'s V-SFT software, affecting versions 6.2.5.0 and earlier. The vulnerability resides in the function VS6File!CTxSubFile::get_ProgramFile_name, which processes V7 or V8 files. Opening a specially crafted V7 or V8 file can trigger the overflow, potentially causing the application to crash, leak sensitive information, or allow an attacker to execute arbitrary code on the affected system. Exploitation requires local access (Attack Vector: Local) and has low attack complexity; no privileges are required, but a user must open the malicious file. The scope is unchanged, meaning the exploit affects only the vulnerable component without impacting other components directly. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability. Exploitation could lead to full compromise of the system running V-SFT, which is industrial control software used for programming and managing programmable logic controllers (PLCs). Given the nature of the software, exploitation could disrupt industrial processes or cause safety issues. No known exploits in the wild have been reported yet, but the vulnerability's characteristics make it a significant risk if weaponized. No patches or mitigations have been linked in the provided data, so affected organizations must be vigilant and seek updates from FUJI ELECTRIC promptly.
Potential Impact
For European organizations, especially those in manufacturing, energy, utilities, and critical infrastructure sectors that rely on FUJI ELECTRIC's V-SFT software for PLC programming and control, this vulnerability poses a serious risk. Successful exploitation could lead to unauthorized code execution, potentially allowing attackers to manipulate industrial processes, cause operational disruptions, or leak sensitive operational data. This could result in production downtime, safety hazards, financial losses, and reputational damage. Given the local attack vector and requirement for user interaction, insider threats or compromised internal systems could be leveraged to exploit this vulnerability. The high confidentiality, integrity, and availability impacts mean that affected organizations could face severe operational and security consequences. Additionally, disruption in industrial control systems can have cascading effects on supply chains and critical services within Europe.
Mitigation Recommendations
Organizations should immediately inventory their use of FUJI ELECTRIC V-SFT software and identify all systems running version 6.2.5.0 or earlier. They should apply any available patches or updates from FUJI ELECTRIC as soon as they are released. Until patches are available, restrict access to V-SFT software to trusted users only and enforce strict controls on file sources to prevent opening untrusted or unsolicited V7/V8 files. Implement application whitelisting and endpoint protection solutions capable of detecting anomalous behavior related to buffer overflow exploitation. Conduct user training to raise awareness about the risks of opening suspicious files. Network segmentation should be employed to isolate systems running V-SFT from broader enterprise networks to limit lateral movement in case of compromise. Additionally, monitor logs and system behavior for signs of crashes or unusual activity related to V-SFT processes. Engage with FUJI ELECTRIC support channels for guidance and subscribe to vulnerability advisories for timely updates.
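One way to act on the recommendation to monitor for crashes related to V-SFT processes, shown as an added example that is not part of the original advisory or any FUJI ELECTRIC tooling. It assumes crash records arrive as Windows "Application Error" (Event ID 1000) message text; the host names, the executable name and the "VS6File.dll" file name in the sample data are constructed, with only the module name VS6File taken from the advisory.

```python
import re

# Exception codes worth escalating when the faulting module is the parser
# named in the advisory (VS6File!CTxSubFile::get_ProgramFile_name).
SUSPICIOUS_CODES = {
    "0xc0000409": "stack buffer overrun (/GS check or fail-fast)",
    "0xc0000005": "access violation",
}
MODULE_PREFIX = "vs6file"  # assumption: the module file name starts with VS6File

FIELD_RE = re.compile(
    r"Faulting application name:\s*(?P<app>[^,]+),.*?"
    r"Faulting module name:\s*(?P<module>[^,]+),.*?"
    r"Exception code:\s*(?P<code>0x[0-9a-fA-F]+)",
    re.DOTALL,
)

def triage(events):
    """Return (host, app, module, reason) for each crash inside the VS6File module."""
    hits = []
    for host, message in events:
        m = FIELD_RE.search(message)
        if not m:
            continue  # not an Application Error style message
        module = m.group("module").strip()
        if not module.lower().startswith(MODULE_PREFIX):
            continue  # crash in some other module, out of scope here
        code = m.group("code").lower()
        reason = SUSPICIOUS_CODES.get(code, "other crash, review manually")
        hits.append((host, m.group("app").strip(), module, f"{code}: {reason}"))
    return hits

def _event(app, module, code):
    # Builds a constructed message in the Event ID 1000 layout.
    return (f"Faulting application name: {app}, version: 0.0.0.0, time stamp: 0x00000000\n"
            f"Faulting module name: {module}, version: 0.0.0.0, time stamp: 0x00000000\n"
            f"Exception code: {code}\nFault offset: 0x00000000")

# Constructed sample events; none of these values come from a real system.
SAMPLE_EVENTS = [
    ("eng-ws-01", _event("vsft_placeholder.exe", "VS6File.dll", "0xc0000409")),
    ("eng-ws-02", _event("vsft_placeholder.exe", "ntdll.dll", "0xc0000005")),
    ("eng-ws-03", _event("vsft_placeholder.exe", "VS6File.dll", "0xC0000005")),
    ("eng-ws-04", "The service entered the running state."),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(*hit, sep=" | ")
```

A hit is a reason to recover the V7/V8 file the user had just opened and check where it came from, not proof of exploitation on its own.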
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Sweden, Poland, Spain, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: jpcert
- Date Reserved: 2025-05-09T08:06:34.550Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f81484d88663aeb58d
Added to database: 5/20/2025, 6:59:04 PM
Last enriched: 7/11/2025, 5:34:01 PM
Last updated: 8/13/2025, 4:58:59 AM