CVE-2025-41388
HighProof-of-ConceptFuji Electric Smart Editor Stack-based Buffer Overflow
7.8
CVSS v3.1 Base Score
High severity — Prioritize remediation
AV: Local AC: LowAuth: None
Stack-based buffer overflow in Fuji Electric Smart Editor allows code execution when a malicious project file is opened. Attack requires social engineering (phishing) to deliver the malicious file. Compromise of engineering workstation enables PLC program manipulation. No known active exploitation but proof-of-concept exists.
Status
Proof-of-Concept
Complexity
Low
Auth Required
No
Initial Access
Malicious project file delivered via phishing or supply chain
Known Techniques
- Crafted project file with oversized field triggering stack buffer overflow
- ROP chain to bypass DEP on Windows engineering workstations
- Shellcode injection via overwritten return address
Published:2025-03-05
Modified:2025-03-20
Vendor:Fuji Electric
CWE:CWE-121
Stack-based Buffer Overflow
Risk Summary
Overall RiskHigh
ExploitationProof-of-Concept
DetectionMedium coverage
Detection Rate82%
Rules Available3
Industry Sectors