CVE-2025-9365 is a high-severity vulnerability affecting Fuji Electric's FRENIC-Loader 4 software. The vulnerability is categorized under CWE-502, which involves deserialization of untrusted data. Specifically, the flaw occurs when the software imports a file through a designated window, allowing an attacker to supply maliciously crafted serialized data. This can lead to arbitrary code execution within the context of the application. The vulnerability does not require authentication or privileges, but does require user interaction to import the malicious file. The CVSS 4.0 base score is 8.4, reflecting a high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. The vulnerability is particularly critical because deserialization issues often allow attackers to execute code remotely or escalate privileges, potentially compromising the host system and connected industrial control processes. No known exploits are currently reported in the wild, and no patches have been published yet. The affected product, FRENIC-Loader 4, is used primarily for configuring and managing Fuji Electric's industrial drives and related equipment, which are integral components in manufacturing and industrial automation environments.

For European organizations, especially those in manufacturing, industrial automation, and critical infrastructure sectors, this vulnerability poses a significant risk. Exploitation could lead to unauthorized control over industrial drives, potentially causing operational disruptions, safety hazards, and production downtime. The arbitrary code execution capability could allow attackers to manipulate drive parameters, disrupt processes, or pivot to other systems within the network. Given the critical role of industrial control systems in sectors such as automotive manufacturing, energy, and utilities across Europe, successful exploitation could have cascading effects on supply chains and critical services. The requirement for user interaction (importing a malicious file) means that social engineering or insider threats could facilitate exploitation. The high impact on confidentiality, integrity, and availability underscores the potential for severe operational and safety consequences.

European organizations using Fuji Electric FRENIC-Loader 4 should immediately review and restrict access to the file import functionality to trusted personnel only. Implement strict validation and scanning of any files before import to detect malicious payloads. Employ network segmentation to isolate industrial control systems from general IT networks, reducing exposure. Monitor and log all file import activities for unusual behavior. Since no patches are currently available, consider deploying application whitelisting and endpoint detection and response (EDR) solutions to detect and block suspicious code execution attempts. Conduct user awareness training focused on the risks of importing untrusted files. Engage with Fuji Electric for updates on patches or mitigations and plan for rapid deployment once available. Additionally, implement strict access controls and multi-factor authentication on systems managing industrial drives to limit potential attack vectors.