{"id":59347,"date":"2025-07-13T07:52:26","date_gmt":"2025-07-13T07:52:26","guid":{"rendered":""},"modified":"2025-09-06T12:12:32","modified_gmt":"2025-09-06T18:12:32","slug":"cve-2025-47754-critical-out-of-bounds-read-vulnerability-in-v-sft","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-47754-critical-out-of-bounds-read-vulnerability-in-v-sft\/","title":{"rendered":"CVE-2025-47754: Critical Out-Of-Bounds Read Vulnerability in V-SFT<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-47754 is a critical security vulnerability affecting V-SFT v6.2.5.0 and earlier versions. The vulnerability resides in the VS6EditData!Conv_Macro_Data function. It is a severe out-of-bounds read vulnerability that can be exploited if a user opens<\/a> specially crafted V7 or V8 files. The exploit may lead to system crashes, unauthorized information disclosure, and arbitrary code<\/a> execution. In the worst-case scenario, this could potentially compromise an entire system or lead<\/a> to significant data leakage.
\nThis vulnerability is particularly alarming due<\/a> to its potential impact on users and systems utilizing V-SFT. As a widely used software in industrial automation, any compromise or data leakage could lead<\/a> to significant operational disruptions and financial losses. The vulnerability\u2019s severity<\/a> is underlined by its CVSS Severity Score of 7.8, indicating its high-risk nature.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-47754
\nSeverity: High (CVSS: 7.8)
\nAttack Vector: Local
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: System crash, information disclosure, and arbitrary code execution<\/a><\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n