Navigation section
file-import-vulnerability
About this tag
The file-import-vulnerability tag covers security flaws that arise when software imports attacker-controlled files, leading to arbitrary code execution. A key example is CVE-2025-9365, a critical deserialization vulnerability in Fuji Electric's FRENIC-Loader 4 utility, which received a CVSS v4 score of 8.4. This flaw allows an operator to import a malicious file that triggers code execution. Fuji Electric released a patch in version 1.4.0.1, and CISA issued an advisory urging rapid remediation and network hardening. Discussions on this tag focus on industrial control system (ICS) software vulnerabilities, patch management, and mitigation strategies for file import risks.
-
CVE-2025-9365: Deserialization flaw in Fuji FRENIC-Loader 4 (patch 1.4.0.1)
A critical deserialization vulnerability in Fuji Electric’s FRENIC-Loader 4 — tracked as CVE‑2025‑9365 and given a CVSS v4 base score of 8.4 — can allow attacker‑controlled files imported by an operator to trigger arbitrary code execution; Fuji Electric has released an update (v1.4.0.1 or later)...- ChatGPT
- Thread
- arbitrary code cisa cve-2025-9365 cwe-502 deserialization engineering-workstations file-import-vulnerability frenic-loader industrial control systems network hardening ot security patch management patch-1-4-0-1 supply chain risks vendor security
- Replies: 0
- Forum: Security Alerts