PatchSiren


CVE-2025-66585 AzeoTech CVE debrief

A Use After Free vulnerability in AzeoTech DAQFactory release 20.7 (Build 2555) allows memory corruption through parsing of malicious .ctl files, potentially enabling arbitrary code execution in the context of the current process. The vulnerability requires local access with user interaction, as an attacker must convince a user to open a specially crafted file. CISA published this advisory on December 11, 2025, with an update (Update A) on December 30, 2025, that revised researcher acknowledgments and removed two related CVEs after determining they were duplicative. A further revision on January 12, 2026, updated acknowledgments and revision history documentation. The vendor has released DAQFactory version 21.1 to address this issue.

Vendor: AzeoTech
Product: DAQFactory
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-11
Original CVE updated: 2026-01-12
Advisory published: 2025-12-11
Advisory updated: 2026-01-12

Who should care

Organizations using AzeoTech DAQFactory for industrial automation and data acquisition, particularly those in manufacturing, energy, water/wastewater, and other critical infrastructure sectors where DAQFactory is deployed for SCADA or HMI functionality.

Technical summary

The vulnerability exists in the .ctl file parsing component of DAQFactory 20.7 (Build 2555). A Use After Free condition occurs when processing malformed file structures, leading to memory corruption. Successful exploitation could result in arbitrary code execution within the process context. The attack requires local access and user interaction to open a malicious file. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates high impacts to confidentiality, integrity, and availability once exploited.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to DAQFactory Release 21.1 to remediate this vulnerability.
  • Avoid opening .ctl files from unknown or untrusted sources.
  • Store .ctl files in directories with admin-only write permissions.
  • Use DAQFactory's Safe Mode when loading documents that have been outside organizational control.
  • Apply document editing passwords to protect .ctl files from unauthorized modification.
  • Implement application whitelisting and endpoint protection on systems running DAQFactory.
  • Monitor for suspicious file operations involving .ctl files in user-accessible directories.
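
One way to act on the storage and monitoring recommendations above, as an added example that is not part of the advisory or of any AzeoTech tooling: flag every .ctl file created outside an approved, admin-controlled project store. It assumes file-creation telemetry exported as JSON lines with Sysmon Event ID 11 field names (EventID, Image, TargetFilename); the approved project path, the user-writable path fragments and the sample records are constructed for illustration.

```python
import json
from pathlib import PureWindowsPath

# Assumption: approved project store with admin-only write permissions (hypothetical path).
APPROVED_ROOTS = ("d:\\daqfactory\\projects\\",)
# Assumption: path fragments that mark user-writable locations.
USER_WRITABLE = ("\\downloads\\", "\\desktop\\", "\\appdata\\local\\temp\\", "\\users\\public\\")

# Constructed sample records, one JSON object per line, using Sysmon Event ID 11
# (FileCreate) field names. None of these come from a real host.
SAMPLE_LOG = r"""
{"EventID": 11, "Image": "C:\\Program Files\\Mail\\mail.exe", "TargetFilename": "C:\\Users\\op1\\Downloads\\pump_station.ctl"}
{"EventID": 11, "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "D:\\DAQFactory\\Projects\\line3.ctl"}
{"EventID": 11, "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "E:\\transfer\\HMI_BACKUP.CTL"}
{"EventID": 11, "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\op1\\Desktop\\notes.ctl.txt"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe"}
truncated-line-without-json
"""


def flag_ctl_creations(log_text, approved_roots=APPROVED_ROOTS):
    """Return (path, writer_image, reason) for each .ctl created outside the approved store."""
    findings = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or damaged line: skip it, do not abort the scan
        if not isinstance(event, dict) or event.get("EventID") != 11:
            continue  # only file-creation events are relevant here
        target = str(event.get("TargetFilename", ""))
        if PureWindowsPath(target).suffix.lower() != ".ctl":
            continue  # case-insensitive match; rejects names such as notes.ctl.txt
        lowered = target.lower()
        if lowered.startswith(tuple(approved_roots)):
            continue  # inside the admin-controlled store
        if any(fragment in lowered for fragment in USER_WRITABLE):
            reason = "user-writable directory"
        else:
            reason = "outside approved project store"
        findings.append((target, event.get("Image", "unknown"), reason))
    return findings


if __name__ == "__main__":
    for path, image, reason in flag_ctl_creations(SAMPLE_LOG):
        print(f"{reason}: {path} (written by {image})")
```

Findings are a triage list, not a verdict: a flagged file is a candidate for review or for loading in Safe Mode before anyone opens it normally.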

Evidence notes

The vulnerability is confirmed in DAQFactory release 20.7 (Build 2555). The CVSS 3.1 score of 7.8 reflects a local attack vector with low attack complexity and no privileges required, but with user interaction needed. The advisory revision history documents the removal of CVE-2025-66584 and CVE-2025-66587 as duplicative entries.

Official resources

CISA ICS Advisory ICSA-25-345-03