AzeoTech DAQFactory CVE-2025-66586
Severity by source: HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Analysis (AI)
Type confusion in AzeoTech DAQFactory 20.7 (Build 2555) enables arbitrary code execution when a user opens a maliciously crafted .ctl project file, corrupting memory in the parser and running attacker-controlled code in the process context. Reported through CISA ICS-CERT and tracked in ICS advisory ICSA-25-345-03, the flaw affects industrial data acquisition and HMI deployments; no public exploit identified at time of analysis and EPSS data was not provided.
Technical Context (AI)
DAQFactory is an HMI/SCADA and data acquisition platform used in industrial control system (ICS) environments, where .ctl files store project, screen, and channel configuration consumed by the runtime. The root cause is CWE-843 (Access of Resource Using Incompatible Type, commonly known as type confusion): the .ctl parser interprets a memory region as one object type while it actually contains another, causing pointer or vtable misuse. The tags 'Buffer Overflow, Memory Corruption' reinforce this reading. The supplied CPE (cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*) marks the application as affected with no architecture or platform qualifier, but the description explicitly pins the issue to release 20.7 Build 2555.
Remediation (AI)
No vendor-released patch was identified at time of analysis in the provided data. Consult CISA ICSA-25-345-03 (https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03) and the CSAF document for the latest fixed build from AzeoTech, and upgrade DAQFactory beyond release 20.7 Build 2555 once a fixed build is published. Until a patched build is available, restrict .ctl file handling to trusted, signed sources only, and block .ctl attachments at the email gateway and web proxy (trade-off: legitimate project sharing must move to an internal repository with integrity checks). Isolate DAQFactory engineering workstations from general-purpose user networks and the internet to limit malicious-file delivery. Enforce application allowlisting plus least-privilege user accounts so that successful exploitation does not yield SYSTEM-level access on the ICS host.
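The interim mitigation above moves project sharing to an internal repository with integrity checks. The following is an added example of such a check, not code from AzeoTech, CISA or this page's sources. It assumes a hypothetical JSON manifest of SHA-256 hashes authenticated with an HMAC key, and every file name and file content in it is constructed.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def _mac(files: dict, key: bytes) -> str:
    # Canonical JSON so the same file list always produces the same MAC.
    body = json.dumps(files, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(repo: Path, key: bytes) -> dict:
    """Hash every approved .ctl file in the repository and authenticate the list."""
    files = {p.name: sha256_file(p) for p in sorted(repo.glob("*.ctl"))}
    return {"files": files, "mac": _mac(files, key)}

def check_ctl(candidate: Path, manifest: dict, key: bytes) -> str:
    """Return 'ok' only if the manifest is authentic and the file matches it."""
    if not hmac.compare_digest(_mac(manifest["files"], key), manifest.get("mac", "")):
        return "manifest-tampered"
    approved = manifest["files"].get(candidate.name)
    if approved is None:
        return "not-approved"
    if not hmac.compare_digest(approved, sha256_file(candidate)):
        return "modified"
    return "ok"

def demo() -> dict:
    """Constructed sample files; nothing here is a real DAQFactory project."""
    key = b"constructed-demo-key"  # assumption: the real key sits in a secrets store
    with tempfile.TemporaryDirectory() as tmp:
        repo, inbox = Path(tmp, "repo"), Path(tmp, "inbox")
        repo.mkdir()
        inbox.mkdir()
        (repo / "line1.ctl").write_bytes(b"constructed project bytes")
        manifest = build_manifest(repo, key)
        (inbox / "line1.ctl").write_bytes(b"constructed project bytes, altered")
        (inbox / "vendor.ctl").write_bytes(b"constructed unreviewed file")
        # A manifest edited to list an unreviewed file, reusing the old MAC.
        forged = {"files": {"vendor.ctl": sha256_file(inbox / "vendor.ctl")},
                  "mac": manifest["mac"]}
        names = {"approved": repo / "line1.ctl", "altered": inbox / "line1.ctl",
                 "unknown": inbox / "vendor.ctl"}
        result = {k: check_ctl(p, manifest, key) for k, p in names.items()}
        result["forged"] = check_ctl(inbox / "vendor.ctl", forged, key)
        return result
```

Run `check_ctl` on a staging host that never opens the file in DAQFactory, and release only files that return `ok` to the engineering workstation.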