CVE-2026-32925: Stack-based buffer overflow in FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd. V-SFT

Severity: High
Published: Wed Apr 01 2026 (04/01/2026, 22:58:32 UTC)
Source: CVE Database V5
Vendor/Project: FUJI ELECTRIC CO., LTD. / Hakko Electronics Co., Ltd.
Product: V-SFT

Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 04/01/2026, 23:39:15 UTC

Technical Analysis

CVE-2026-32925 is a stack-based buffer overflow vulnerability identified in the V-SFT software developed by FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd., affecting versions 6.2.10.0 and prior. The vulnerability resides in the VS6ComFile!CV7BaseMap::WriteV7DataToRom function, which is responsible for writing data from V7 files to ROM. When a crafted V7 file is opened, the function improperly handles input data, leading to a buffer overflow on the stack. This overflow can overwrite control data, enabling an attacker to execute arbitrary code within the context of the V-SFT process. The CVSS 3.1 base score is 7.8, reflecting high severity due to the potential for full system compromise. The attack vector is local (AV:L), requiring the attacker to have access to the system and to convince a user to open the malicious file (UI:R). No privileges are required (PR:N), and the scope is unchanged (S:U). The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H). Although no public exploits are known, the vulnerability poses a significant risk in environments where V-SFT is used, particularly in industrial automation and control systems where FUJI ELECTRIC products are prevalent. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts.

Potential Impact

The vulnerability allows an attacker to execute arbitrary code on systems running vulnerable versions of V-SFT, potentially leading to full compromise of the affected system. This can result in unauthorized access to sensitive industrial control data, manipulation of operational parameters, disruption of automation processes, and potential physical damage if safety controls are bypassed. The compromise of V-SFT could also serve as a foothold for lateral movement within industrial networks, increasing the risk of widespread operational disruption. Given the critical role of FUJI ELECTRIC's V-SFT in industrial environments, the impact extends beyond IT systems to operational technology (OT), potentially affecting manufacturing, energy, and infrastructure sectors. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, especially in environments where users handle V7 files regularly. The absence of known exploits reduces immediate threat but does not diminish the urgency for remediation due to the high potential impact.

Mitigation Recommendations

Organizations should immediately identify and inventory all instances of V-SFT software, focusing on versions 6.2.10.0 and earlier. Until patches are available, restrict access to systems running V-SFT to trusted personnel only and implement strict file handling policies to prevent opening untrusted or unsolicited V7 files. Employ application whitelisting and sandboxing techniques to limit the execution context of V-SFT and reduce the impact of potential exploitation. Network segmentation should isolate industrial control systems from general IT networks to prevent lateral movement. Monitor logs and system behavior for unusual activity indicative of exploitation attempts. Engage with FUJI ELECTRIC and Hakko Electronics for updates on patches or official mitigations. Additionally, conduct user training to raise awareness about the risks of opening suspicious files. Implement endpoint detection and response (EDR) solutions tailored for OT environments to detect exploitation attempts promptly.


Technical Details

Data Version: 5.2
Assigner Short Name: jpcert
Date Reserved: 2026-03-16T23:27:50.173Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69cda8e6e6bfc5ba1d0b5797

Added to database: 4/1/2026, 11:23:18 PM

Last enriched: 4/1/2026, 11:39:15 PM

Last updated: 4/6/2026, 5:18:35 AM
