CVE-2025-32412 Fuji Electric CVE debrief

Who should care

Fuji Electric Smart Editor users and administrators, especially organizations running version 1.0.1.0 or earlier in operational or industrial environments.

Technical summary

The advisory describes an out-of-bounds read in Fuji Electric Smart Editor. The supplied CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack conditions with user interaction required and potential high impact if exploited. The affected product is listed as Fuji Electric Smart Editor <=1.0.1.0, and the vendor remediation is to upgrade to v1.0.2.0 or later.

Defensive priority

High. Prioritize patching because the advisory rates the issue HIGH (CVSS 7.8) and states it may allow arbitrary code execution.

Recommended defensive actions

• Inventory all Fuji Electric Smart Editor installations and confirm whether any instance is version 1.0.1.0 or earlier.
• Upgrade affected systems to Smart Editor v1.0.2.0 or later as recommended by Fuji Electric.
• Validate the update in a controlled environment before broad deployment where operational constraints require testing.
• Review access and usage around Smart Editor on systems that handle untrusted files or inputs, and limit use to trusted operators until patched.
• Track the CISA advisory and vendor release notes for any follow-up guidance or revised remediation details.

Evidence notes

The supplied CISA CSAF source for ICSA-25-168-04 states that Fuji Electric Smart Editor <=1.0.1.0 is vulnerable to an out-of-bounds read that may allow arbitrary code execution. The same source includes Fuji Electric's remediation to update to v1.0.2.0 or later. The supplied enrichment also indicates no KEV listing and no known ransomware campaign use.

Official resources