CVE-2026-32925

High

Published: 01 April 2026

Published

01 April 2026

Modified

07 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0003 7.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32925 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Fujielectric V-Sft. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 7.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Flaw remediation directly mitigates the stack-based buffer overflow by applying vendor patches for affected V-SFT versions.

SI-10 Information Input Validation good match

prevent

Information input validation prevents processing of crafted V7 files that trigger the buffer overflow in CV7BaseMap::WriteV7DataToRom.

SI-16 Memory Protection partial match

prevent

Memory protection mechanisms like stack canaries and DEP mitigate exploitation of the stack-based buffer overflow to arbitrary code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in client application (V-SFT) triggered by opening a crafted V7 file directly enables T1203 (Exploitation for Client Execution) and requires T1204.002 (User Execution: Malicious File) to achieve arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.

Deeper analysisAI

CVE-2026-32925 is a stack-based buffer overflow vulnerability (CWE-121) affecting V-SFT versions 6.2.10.0 and prior. The flaw resides in the VS6ComFile!CV7BaseMap::WriteV7DataToRom component, where processing a specially crafted V7 file can trigger the overflow, potentially leading to arbitrary code execution on the affected product.

The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Exploitation requires local access to the system with low attack complexity and no privileges, but relies on user interaction, such as convincing a user to open a malicious V7 file. Successful exploitation allows an attacker to achieve high impacts on confidentiality, integrity, and availability, including full arbitrary code execution in the context of the application.

Mitigation details and patch information are available in the vendor advisory from Fuji Electric at https://felib.fujielectric.co.jp/en/M10010/M20060/document_detail/5d9dd71d-9494-41a4-aa5c-8e6b8b21066b?region=en-glb and the JVN advisory at https://jvn.jp/en/vu/JVNVU90448293/. Security practitioners should review these resources for update instructions and workarounds.