PT-2025-41555 · V-Sft · V-Sft
Michael Heinzl
·
Published
2025-10-10
·
Updated
2025-10-10
·
CVE-2025-61864
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
V-SFT versions 6.2.7.0 and earlier
Description
A use after free issue exists in the
VS6ComFile!load link inf function. Processing specially crafted V-SFT files may result in information disclosure, system crashes, and arbitrary code execution.Recommendations
Versions prior to 6.2.7.0 should be updated.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
V-Sft