CVE-2026-32925
Received Received - Intake
Stack-Based Buffer Overflow in V-SFT VS6ComFile Allows Code Execution

Publication date: 2026-04-01

Last updated on: 2026-04-07

Assigner: JPCERT/CC

Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32925
EUVD
EUVD-2026-18098
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fujielectric v-sft to 6.2.10.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow found in V-SFT versions 6.2.10.0 and earlier, specifically in the function VS6ComFile!CV7BaseMap::WriteV7DataToRom. When a specially crafted V7 file is opened, it can trigger this overflow, potentially allowing an attacker to execute arbitrary code on the affected system.

Impact Analysis

Exploitation of this vulnerability can lead to arbitrary code execution, which means an attacker could run malicious code on your system without authorization. This could result in complete compromise of the affected product, including unauthorized access, data corruption, or disruption of services.

Compliance Impact

CVE-2026-32925 is a stack-based buffer overflow vulnerability that can lead to arbitrary code execution and information disclosure. Such vulnerabilities can potentially impact compliance with standards and regulations like GDPR and HIPAA because they threaten the confidentiality, integrity, and availability of sensitive data.

Specifically, the vulnerability's high impact on confidentiality, integrity, and availability (as indicated by its CVSS score) means that if exploited, it could result in unauthorized access to or modification of personal or protected health information, which would violate requirements under GDPR and HIPAA.

Therefore, organizations using affected versions of V-SFT should update to the fixed version (6.2.11.0) to mitigate these risks and maintain compliance with such regulations.

Detection Guidance

This vulnerability involves a stack-based buffer overflow triggered by opening a crafted V7 file in V-SFT versions 6.2.10.0 and prior. Detection typically requires verifying the version of the V-SFT software installed on your system.

Since the vulnerability is local and triggered by user interaction (opening a crafted file), network detection is limited. You can check the installed version of V-SFT software to identify if it is vulnerable.

  • On Windows, use the command: "wmic product where "name like '%V-SFT%'" get name, version" to find the installed version.
  • Alternatively, check the software version via the V-SFT application interface or its About section.

No specific detection commands or network signatures for this vulnerability are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to update the V-SFT software to version 6.2.11.0 or later, as this version addresses the vulnerability.

Avoid opening untrusted or suspicious V7 files, since exploitation requires opening a crafted file.

Ensure that users have limited privileges and are aware of the risks of opening files from untrusted sources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32925. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart