CVE-2025-66586
Last modified
CVE-2025-66586 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Azeotech | Daqfactory | < 21.1 |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-66586?
How severe is CVE-2025-66586?
How do I fix CVE-2025-66586?
Are you affected by CVE-2025-66586?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST