PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-66586 AzeoTech CVE debrief

AzeoTech DAQFactory release 20.7 (Build 2555) contains an Access of Resource Using Incompatible Type vulnerability that can be exploited to cause memory corruption when parsing specially crafted .ctl files. Successful exploitation could allow an attacker to execute code in the context of the current process. This vulnerability was disclosed by CISA on December 11, 2025, and subsequently updated on December 30, 2025 (Update A) and January 12, 2026. The vendor has released DAQFactory Release 21.1 to address this issue.

Vendor: AzeoTech
Product: DAQFactory
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-11
Original CVE updated: 2026-01-12
Advisory published: 2025-12-11
Advisory updated: 2026-01-12

Who should care

Organizations using AzeoTech DAQFactory 20.7 (Build 2555) for industrial control and data acquisition applications, particularly in OT/ICS environments where .ctl configuration files are shared or transferred between systems.

Technical summary

The vulnerability exists in DAQFactory release 20.7 (Build 2555) during parsing of .ctl configuration files. An Access of Resource Using Incompatible Type weakness enables memory corruption when processing maliciously crafted files. This can lead to arbitrary code execution within the context of the running process. The attack vector requires local access with user interaction (opening a malicious file). CVSS 3.1 score: 7.8 (HIGH).

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade to DAQFactory Release 21.1 to remediate this vulnerability
  • Avoid opening .ctl files from unknown or untrusted sources
  • Store .ctl files in directories with admin-only write permissions
  • Use DAQFactory Safe Mode when loading documents that have been outside organizational control
  • Apply document editing passwords to protect .ctl files
  • Review CISA ICS recommended practices for additional defense-in-depth measures
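
An added example, not taken from the CISA advisory or from AzeoTech: a PowerShell audit for the admin-only write permission recommendation above. It finds every directory under a root that holds .ctl files and reports allow ACEs that grant write, delete or permission-change rights to anyone other than Administrators, SYSTEM or TrustedInstaller. The root path C:\DAQFactoryProjects is a hypothetical placeholder, and the allow-list of principals is an assumption about what "admin-only" means on your hosts.

```powershell
# Added example: audit directories that hold .ctl files for non-admin write access.
param(
    [string]$Root = 'C:\DAQFactoryProjects'   # hypothetical path; point at your project share
)

# Principals allowed to write (well-known SIDs, so this also works on localized Windows).
$AllowedSids = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal plant, replace or re-permission a .ctl file.
$Rights = [System.Security.AccessControl.FileSystemRights]
$WriteRights = [int]($Rights::WriteData -bor $Rights::AppendData -bor $Rights::Delete -bor
    $Rights::DeleteSubdirectoriesAndFiles -bor $Rights::ChangePermissions -bor
    $Rights::TakeOwnership)
# Inherit-only ACEs can carry raw GENERIC_WRITE (0x40000000) or GENERIC_ALL (0x10000000).
$Mask = $WriteRights -bor 0x50000000

$SidType = [System.Security.Principal.SecurityIdentifier]

# Every directory that directly contains at least one .ctl file.
$dirs = Get-ChildItem -Path $Root -Filter *.ctl -File -Recurse -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty DirectoryName -Unique

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }
        if ($AllowedSids -contains $ace.IdentityReference.Value) { continue }
        # Resolve the SID to a name for the report; keep the SID if it cannot be resolved.
        try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }
        [pscustomobject]@{
            Directory = $dir
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output "No non-admin write access found on .ctl directories under $Root" }
```

Inherited findings have to be fixed on the parent folder or by breaking inheritance on the .ctl directory; a CREATOR OWNER entry in the report means whoever creates a file there keeps control of it.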

Evidence notes

CISA published advisory ICSA-25-345-03 on December 11, 2025, with Update A issued December 30, 2025, and a final revision on January 12, 2026. The advisory documents memory corruption via .ctl file parsing in DAQFactory 20.7 Build 2555. Vendor fix confirmed in Release 21.1.

Official resources

2025-12-11