CVE-2025-66585
Last modified
CVE-2025-66585 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. In AzeoTech DAQFactory release 20.7 (Build 2555), a use after free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
In AzeoTech DAQFactory release 20.7 (Build 2555), a use after free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Azeotech | Daqfactory | < 21.1 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-66585?
How severe is CVE-2025-66585?
How do I fix CVE-2025-66585?
Are you affected by CVE-2025-66585?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST