Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Published: 2026-04-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow occurs in the V-SFT application’s VS6ComFile!CV7BaseMap::WriteV7DataToRom function. When an attacker supplies a specially crafted V7 file, the overflow allows arbitrary code to run, compromising the integrity and confidentiality of the affected system. The flaw is catalogued as CWE-121.

Affected Systems

The vulnerability targets Fujielectric Co., Ltd. and Hakko Electronics Co., Ltd. V‑SFT products running version 6.2.10.0 or earlier. No patched versions are mentioned, so any installation of that version or an earlier release may be affected.

Risk and Exploitability

With a CVSS score of 8.4, the vulnerability is rated high severity, while an EPSS score below 1% indicates exploitation is currently uncommon. The lack of a KEV listing suggests no widespread attacks have been reported. The likely attack vector requires an attacker to supply a malicious V7 file and persuade a user to open it, so the threat is local or user-facing but could lead to remote code execution if the system processes the file.

Generated by OpenCVE AI on April 7, 2026 at 22:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest official patch or firmware update from the vendor that addresses the V7 file handling logic.
  • If a patch is not yet available, restrict or disable the ability to open V7 files on the vulnerable system.
  • Verify that the patch has been applied by checking the product version and reviewing system logs for unexpected activity.



Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Stack-Based Buffer Overflow in V‑SFT Leading to Arbitrary Code Execution |

Tue, 07 Apr 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| CPEs | | cpe:2.3:a:fujielectric:v-sft:*:*:*:*:*:*:*:* |

Thu, 02 Apr 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Fujielectric; Fujielectric v-sft |
| Vendors & Products | | Fujielectric; Fujielectric v-sft |

Thu, 02 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Wed, 01 Apr 2026 23:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. |
| Weaknesses | | CWE-121 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-02T13:33:08.774Z

Reserved: 2026-03-16T23:27:50.173Z

Link: CVE-2026-32925

Vulnrichment

Updated: 2026-04-02T13:28:09.460Z

NVD

Status: Analyzed

Published: 2026-04-01T23:17:02.783

Modified: 2026-04-07T18:27:01.097

Link: CVE-2026-32925

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:56:44Z

Weaknesses