CVE-2025-61864 is a use-after-free vulnerability identified in the V-SFT software developed by FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd., specifically affecting versions 6.2.7.0 and earlier. The vulnerability resides in the VS6ComFile!load_link_inf function, which improperly manages memory when processing V-SFT files. When a specially crafted file is opened, the software may attempt to access memory that has already been freed, leading to undefined behavior. This can result in information disclosure, abnormal termination of the application (ABEND), or arbitrary code execution, allowing an attacker to potentially run malicious code within the context of the vulnerable application. The CVSS v3.1 base score is 7.8, reflecting high severity, with an attack vector classified as local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact is high on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk due to the potential for code execution and data compromise. V-SFT is commonly used in industrial automation and manufacturing environments, where FUJI ELECTRIC products are deployed. The vulnerability's exploitation could disrupt critical industrial processes or leak sensitive operational data. The lack of an official patch link indicates that remediation may still be pending, emphasizing the need for interim mitigations and monitoring.

For European organizations, particularly those in manufacturing, industrial automation, and critical infrastructure sectors, this vulnerability poses a substantial risk. Exploitation could lead to unauthorized disclosure of sensitive operational data, disruption of industrial control systems, and potential takeover of affected systems through arbitrary code execution. Such impacts could result in production downtime, safety hazards, financial losses, and damage to organizational reputation. Given the local attack vector and requirement for user interaction, the threat is more relevant to internal users or attackers with some access to the environment, such as through phishing or insider threats. However, the high impact on confidentiality, integrity, and availability means that successful exploitation could have severe consequences for operational continuity and data security. European organizations relying on V-SFT for automation tasks should consider this vulnerability a priority for risk management and incident preparedness.

1. Restrict the sources of V-SFT files to trusted and verified origins to reduce the risk of opening malicious files. 2. Implement strict application whitelisting and execution control policies to prevent unauthorized or unexpected execution of V-SFT or related processes. 3. Educate users about the risks of opening files from untrusted sources and enforce policies to verify file authenticity before opening. 4. Monitor application logs and system behavior for signs of abnormal crashes or suspicious activity related to V-SFT. 5. Employ network segmentation to isolate systems running V-SFT, limiting lateral movement in case of compromise. 6. Once available, promptly apply official patches or updates from FUJI ELECTRIC / Hakko Electronics to remediate the vulnerability. 7. Consider deploying endpoint detection and response (EDR) solutions capable of detecting exploitation attempts involving use-after-free conditions or abnormal memory access patterns. 8. Maintain regular backups and incident response plans tailored to industrial control system environments to minimize downtime and data loss.