CVE-2025-54496
Published: 04 November 2025
Summary
CVE-2025-54496 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Fujielectric Monitouch V-Sft. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 8.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-37826
Vulnerability details
A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap-based buffer overflow (CVE-2025-54496), stack-based buffer overflow (CVE-2025-54526), and out-of-bounds write (CVE-2025-53524) in Fuji Electric Monitouch V-SFT-6 allow arbitrary code execution via malicious project files opened in the client application (AV:L/UI:R), facilitating Exploitation for Client Execution (T1203).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.