CVE-2025-61858 is an out-of-bounds write vulnerability identified in the VS6ComFile!set_AnimationItem function of the V-SFT software developed by FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd. This vulnerability affects versions 6.2.7.0 and earlier. The flaw arises when the software processes specially crafted V-SFT files, leading to memory corruption through an out-of-bounds write operation. This memory corruption can result in multiple adverse outcomes including information disclosure, abnormal system termination (ABEND), and arbitrary code execution. The vulnerability requires user interaction to open a malicious file but does not require any privileges, making it accessible to a wide range of attackers. The CVSS v3.1 score of 7.8 reflects high severity, with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No public exploits are currently known, but the risk remains significant due to the potential for severe impact on affected systems. V-SFT is commonly used in industrial automation and control systems, which are critical for manufacturing and infrastructure operations. The vulnerability's exploitation could disrupt industrial processes, leak sensitive operational data, or allow attackers to execute arbitrary code within the affected environment. The lack of available patches at the time of disclosure increases the urgency for organizations to implement interim mitigations and monitor for suspicious activity.

For European organizations, especially those involved in industrial automation, manufacturing, and critical infrastructure, this vulnerability poses a substantial risk. Exploitation could lead to operational downtime due to system crashes, compromising production lines and causing financial losses. Information disclosure could expose sensitive operational data or intellectual property, undermining competitive advantage and regulatory compliance. Arbitrary code execution could allow attackers to implant persistent malware, manipulate control processes, or pivot within networks, potentially leading to broader industrial espionage or sabotage. Given the reliance on V-SFT in sectors such as automotive, energy, and manufacturing, the impact extends beyond individual organizations to national economic and security interests. Disruption of industrial control systems could also have safety implications, increasing the risk of accidents or environmental harm. The requirement for user interaction limits remote exploitation but does not eliminate risk, as social engineering or insider threats could facilitate attack vectors. The absence of known exploits currently provides a window for proactive defense, but the high severity score underscores the need for urgent attention.

1. Apply official patches from FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. as soon as they become available to remediate the vulnerability. 2. Until patches are released, restrict the opening of V-SFT files to trusted sources only, employing strict file validation and sandboxing where possible. 3. Implement application whitelisting to prevent unauthorized execution of potentially malicious files. 4. Educate users on the risks of opening unsolicited or unexpected V-SFT files to reduce the likelihood of successful social engineering. 5. Monitor system logs and network traffic for unusual activity indicative of exploitation attempts, such as unexpected crashes or anomalous process behavior. 6. Employ endpoint detection and response (EDR) solutions capable of detecting memory corruption and code injection techniques. 7. Segment industrial control networks to limit lateral movement in case of compromise. 8. Maintain up-to-date backups of critical systems to enable recovery from potential disruptions. 9. Coordinate with vendors and cybersecurity authorities for timely threat intelligence and guidance.