PatchSiren cyber security CVE debrief
CVE-2025-41388 Fuji Electric CVE debrief
Fuji Electric Smart Editor is affected by a stack-based buffer overflow in versions 1.0.1.0 and earlier. The advisory states this issue may allow an attacker to execute arbitrary code. CISA published the advisory on 2025-06-17, and the supplied record does not show a CISA KEV listing.
- Vendor: Fuji Electric
- Product: Smart Editor
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-17
- Original CVE updated: 2025-06-17
- Advisory published: 2025-06-17
- Advisory updated: 2025-06-17
Who should care
OT/ICS administrators, endpoint teams, and security teams responsible for Fuji Electric Smart Editor deployments should care most, especially if any systems are still on version 1.0.1.0 or earlier. Because the product is used in an industrial-control context, patch planning should include engineering workstations and any dependent workflows.
Technical summary
The affected product, Fuji Electric Smart Editor <=1.0.1.0, is documented as vulnerable to a stack-based buffer overflow. The supplied CVSS v3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates exploitation requires local access and user interaction, and successful exploitation could impact confidentiality, integrity, and availability with potential arbitrary code execution.
Defensive priority
High: prioritize upgrading affected installations to Smart Editor v1.0.2.0 or later. The flaw can lead to arbitrary code execution, and even though it is not listed in CISA KEV in the supplied data, it is still a high-impact issue for exposed OT/ICS endpoints.
Recommended defensive actions
- Upgrade Fuji Electric Smart Editor to version 1.0.2.0 or later, as recommended by the vendor.
- Inventory systems to identify any installations running Smart Editor 1.0.1.0 or earlier.
- Apply OT/ICS defense-in-depth controls and least-privilege access around engineering and operator workstations while remediation is underway.
- Use CISA ICS recommended practices to review segmentation, hardening, and secure maintenance procedures for the affected environment.
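The inventory step above can be scripted against a software inventory export. The following is an added example, not part of the advisory or any vendor tooling; the CSV column names, hostnames and sample rows are constructed assumptions, and only the version boundaries (affected <=1.0.1.0, fixed in 1.0.2.0 or later) come from the advisory.

```python
import csv
import io
import re

# From the advisory: affected <= 1.0.1.0, fixed in 1.0.2.0 or later.
LAST_AFFECTED = (1, 0, 1, 0)
FIRST_FIXED = (1, 0, 2, 0)

# Constructed sample inventory export; hosts and column names are assumptions.
SAMPLE_INVENTORY = """host,product,version
eng-ws-01,Smart Editor,1.0.1.0
eng-ws-02,Smart Editor,v1.0.2.0
eng-ws-03,Smart Editor,1.0.1
eng-ws-04,Smart Editor,1.0.0.9
hmi-lab-01,Smart Editor,unknown
eng-ws-05,Other Tool,0.9.0.0
"""


def parse_version(text):
    """Return a 4-part integer tuple, or None if not a dotted version."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # "1.0.1" compares as 1.0.1.0


def classify(version_text):
    """'affected', 'fixed', or 'review' (needs a manual check)."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # unparseable: do not assume the host is safe
    if version <= LAST_AFFECTED:
        return "affected"
    # Builds between the two documented boundaries are not covered by the advisory.
    return "fixed" if version >= FIRST_FIXED else "review"


def triage(inventory_csv, product="Smart Editor"):
    """Map each host running the product to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["version"]) for r in rows
            if r["product"].strip().lower() == product.lower()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Versions are compared as integer tuples rather than strings, so a build such as 1.0.10.0 is not mistaken for something older than 1.0.2.0.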
Evidence notes
Primary evidence in the supplied CSAF record states: 'The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.' The affected product entry is 'Fuji Electric Smart Editor: <=1.0.1.0.' The remediation field recommends updating to Smart Editor v1.0.2.0 or later. The record also provides CVSS v3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and shows no KEV assignment in the supplied enrichment data.
Official resources
- CVE-2025-41388 CVE record (CVE.org)
- CVE-2025-41388 NVD detail (NVD)
- Source item URL (cisa_csaf)
CVE-2025-41388 was published on 2025-06-17 in CISA advisory ICSA-25-168-04. The supplied record shows the same publication and modification timestamp, and no CISA KEV entry is indicated.