CVE-2025-61857 is an out-of-bounds write vulnerability identified in the V-SFT software developed by FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd., specifically affecting versions 6.2.7.0 and earlier. The vulnerability resides in the VS6ComFile!CItemExChange::WinFontDynStrCheck function, which improperly handles font-related dynamic string data when processing V-SFT files. An attacker can craft malicious V-SFT files that, when opened by the vulnerable software, trigger an out-of-bounds write condition. This memory corruption can lead to multiple adverse effects, including unauthorized disclosure of sensitive information, abnormal system termination (ABEND), and potentially arbitrary code execution with the privileges of the user running the software. The CVSS v3.1 base score is 7.8, indicating high severity, with an attack vector classified as local (AV:L), requiring low attack complexity (AC:L), no privileges (PR:N), but user interaction (UI:R). The vulnerability affects confidentiality, integrity, and availability (all rated high impact). Although no exploits are currently known in the wild, the potential for exploitation exists, especially in environments where V-SFT files are exchanged or imported from untrusted sources. V-SFT is commonly used in industrial automation and manufacturing control systems, making this vulnerability particularly relevant to operational technology (OT) environments. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts to reduce risk.

For European organizations, especially those in manufacturing, industrial automation, and critical infrastructure sectors, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to sensitive operational data, disruption of industrial processes due to system crashes, and potential takeover of affected systems through arbitrary code execution. Such impacts could result in production downtime, safety hazards, financial losses, and damage to reputation. Given the local attack vector and requirement for user interaction, the threat is more pronounced in environments where users handle V-SFT files from external or untrusted sources. The confidentiality breach could expose proprietary manufacturing data or intellectual property. The integrity and availability impacts could disrupt automated control systems, affecting supply chains and critical services. European industries with integrated FUJI ELECTRIC automation solutions are particularly vulnerable, necessitating urgent attention to this issue.

1. Immediately restrict the opening of V-SFT files to trusted sources only, implementing strict file validation and scanning procedures. 2. Employ application whitelisting and sandboxing techniques to isolate V-SFT processes and limit the impact of potential exploitation. 3. Monitor and audit user activities related to V-SFT file handling to detect anomalous behavior indicative of exploitation attempts. 4. Coordinate with FUJI ELECTRIC and Hakko Electronics for timely receipt and deployment of official patches or updates addressing this vulnerability. 5. Educate users on the risks of opening unsolicited or suspicious V-SFT files and enforce policies to minimize user interaction with untrusted files. 6. Implement network segmentation to isolate systems running V-SFT from broader enterprise networks, reducing lateral movement risks. 7. Utilize endpoint detection and response (EDR) solutions to identify and respond to exploitation attempts rapidly. 8. Prepare incident response plans specific to industrial control system compromises involving V-SFT to minimize operational impact.