What is the CVSS score of CVE-2025-66608?

CVE-2025-66608 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of FAST are affected by CVE-2025-66608?

CVE-2025-66608 affects Yokogawa FAST/TOOLS, a critical industrial control system platform, through improper URL validation that could enable attackers to bypass security controls or redirect users to…

How to fix or mitigate CVE-2025-66608?

Within 24 hours: Inventory all FAST/TOOLS deployments and assess exposure in production environments; notify Yokogawa support for patch timeline and workarounds. Within 7 days: Implement network segmentation to restrict FAST/TOOLS access to trusted networks only and deploy WAF rules to block malformed URL requests to the application. Within 30 days: Establish continuous monitoring for exploitation attempts; coordinate with Yokogawa for patch deployment immediately upon release and schedule testing in non-production environments.

FAST CVE-2025-66608

HIGH

Path Traversal: '\\..\\filename' (CWE-29)

2026-02-09 7168b535-132a-4efe-a076-338f829b2eb9

Information Disclosure

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 09, 2026 - 04:15 nvd

HIGH 7.5

DescriptionNVD

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.

This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server.

The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

AnalysisAI

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. [CVSS 7.5 HIGH]

Technical ContextAI

Affects Fast\/Tools. A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.

This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server.

The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-66608 vulnerability details – vuln.today

Back

FAST CVE-2025-66608

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code